CN102111274B - 用于建立可核查身份而又保密的平台和方法 - Google Patents
用于建立可核查身份而又保密的平台和方法 Download PDFInfo
- Publication number
- CN102111274B CN102111274B CN201110050584.XA CN201110050584A CN102111274B CN 102111274 B CN102111274 B CN 102111274B CN 201110050584 A CN201110050584 A CN 201110050584A CN 102111274 B CN102111274 B CN 102111274B
- Authority
- CN
- China
- Prior art keywords
- platform
- key
- assumed name
- proof
- unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3265—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/42—Anonymization, e.g. involving pseudonyms
Abstract
在一个实施方案中,一种利用化名来保护平台和其用户身份的方法被描述。该方法包括产生包括公共化名密钥的化名。该公共化名密钥被放置到证明模板中。对证明模板进行散列运算,以产生证明散列值,从平台上对其进行变换。随后,向该平台返回签署结果。该签署结果是该变换的证明散列值的数字签名。对该签署结果进行逆变换后,就恢复了该证明散列值的数字签名。该数字签名可以用于此后利用该化名通讯的数据完整性检查。
Description
技术领域
本发明涉及的是数据安全领域。特别是,本发明涉及一种平台和方法,该平台和方法通过建立和使用化名来保护该平台的身份。
背景技术
技术的发展,为超出传统贸易方式的应用提供了许多机会。电子商务(e-commerce)和企业对企业(B2B)的交易现在变得普及,以很快的速度触及全球市场。不幸的是,在诸如计算机的电子平台为用户提供方便有效的贸易、通讯和交易的方法同时,也容易受到肆无忌惮的攻击。这一弱点在很大程度上使内容提供者不愿意以一种下载的数字形式来提供其内容。
当前,已经提出了各种机制来验证一个平台身份。这对于确定平台是否是一个“委托”装置(即该装置是否配置为防止在未授权的情况下以一种非加密的格式来拷贝数字内容)是特别有用的。一种验证方案包括使用一个分配给一个平台的唯一的序列号来识别该平台。另一独立于上述验证方案或与上述验证方案合作执行的验证方案包括采用一个永久密钥对。该永久密钥对包括(i)一个识别该平台的唯一公共密钥,和(ii)一个私用密钥,永久存储在该委托装置的存储器中。该私用密钥是秘密的,不向委托装置的外部提供。但是,这些验证方案有许多缺陷。
例如,这些验证方案中的每一个仍受到数据收集攻击。“数据收集”涉及对一段时间内从一个平台发送的数据的采集和分析。这样,采用平台序列号和永久密钥用于识别目的近来已经导致对用户隐私的担忧。而且,对于上述两种机制,一个用户不能容易和可靠地基于每个用户的形式访问和使用平台身份。
发明内容
按照本发明的实施例,提供一种方法,包括:在一平台中产生一包含一公共化名密钥的化名,其中该化名可被产生、分配并删除,一第一密钥对驻留在一永久存储器中;将该公共化名密钥放入一证明模板中;对该证明模板进行一散列运算,以产生一证明散列值;对该证明散列值进行一变换,用于从平台向外的传送;接收一签署结果,该签署结果是用于变换的证明散列值的数字签名;和对该签署结果进行一反变换,以恢复该证明散列值的一数字签名。
优选地,产生化名的步骤包括产生公共化名密钥和一对应于该公共化名密钥的私用化名密钥。
优选地,将该公共化名密钥放入一证明模板中的步骤包括将该公共化名密钥写入到证明模板的一字段中。
优选地,进行变换的步骤包括:利用一伪随机数对证明散列值进行一逻辑运算,以产生一不同于证明散列值的值。
优选地,该伪随机数是一预定值的由一伪随机值指定的反幂。
优选地,该伪随机值被存储在安全存储器中。
优选地,进行反变换的步骤包括利用伪随机数的倒数对签署结果进行一逻辑运算。
优选地,在接收数字签名之前,该方法包括:利用第一平台的一私用密钥,数字签署一包括变换的证明散列值的证明请求,以产生一签署的证明请求。
优选地,在接收数字签名之前,该方法进一步包括:与该签署的证明请求一起,获得一装置证明,即一包括一第一平台的一公共密钥的数字证明链。
优选地,在接收数字签名之前,该方法进一步包括:将签署的证明请求和装置证明传送到一第二平台。
优选地,该方法进一步包括:存储该证明散列值的数字签名,用于此后与一远处的平台进行通信。
按照本发明的实施例,提供一种装置,包括:一处理单元;和一永久存储器,以包含一第一密钥对及至少一个化名,用于与远处装置通讯及确定包含该装置的平台是安全的。
优选地,该装置进一步包括:一数字发生器,辅助产生该至少一个化名。
按照本发明的实施例,提供一种平台,包括:一收发器;和一与该收发器通讯的装置,该装置包括一永久存储器,来存储一永久密钥对、至少一个在该装置内部产生的化名、和一数字证明链的散列值的数字签名,该数字证明链包含化名的一公共化名密钥,其中该化名可被产生、分配并删除。
优选地,所述装置进一步包括:一处理单元,(i)将公共化名密钥写入到一证明模板中,以便(ii)对该证明模板进行一散列运算,以产生一证明散列值;(iii)对该证明散列值进行一变换。
优选地,所述装置的处理单元利用永久密钥对的一私用密钥,进一步产生至少变换的证明散列值的一数字签名。
优选地,装置的处理单元进一步附加具有该至少变换的证明散列值的数字签名的一装置证明。
优选地,该装置证明是一数字证明链。
按照本发明的实施例,提供一种使用一装置的永久存储器的方法,包括:在所述永久存储器中存储一第一密钥对。
优选地,所述方法进一步包括:利用一数字发生器辅助产生至少一个化名。
附图说明
根据下面对本发明的详细描述,可以清楚地了解本发明的特征和优点,其中:
图1是利用本发明的系统的说明性实施方案的方框图。
图2是图1中的第一平台中所采用的委托逻辑的说明性实施方案的方框图。
图3是描述图1中的第一平台中产生的化名的分配和使用的说明性实施方案的流程图。
图4和5是产生和验证化名的说明性实施方案的流程图。
具体实施方式
本发明涉及一种平台和方法,用于通过产生和使用化名来保护平台的身份。此处,阐明了某些细节,以便对本发明的有一个透彻的理解。但是,显然,对于本领域的技术人员来讲,可以通过许多不同于所描述的实施方案来实施本发明。为了避免不必要地使本发明不明显,对于众所周知的电路和加密技术不做详述。
在下面的描述中,利用术语来讨论本发明的某些特征。例如,“平台”包括处理信息的硬件和/或软件。平台的例子包括但不局限于或受限于下列任何情况:计算机(如台式机、膝上型电脑、手提式电脑、服务器、工作站等);数据传输设备(如路由器、交换机、传真机等),无线设备(如蜂窝基站、电话手机等);或者电视机顶盒。“软件”包括代码,当被执行时,实施某一功能。“信息”定义为数据、地址和/或控制的一个或多个位。
关于加密功能,“加密运算”是为信息附加安全性所执行的运算。这些运算可能包括加密、解密、散列计算等等。在某些情况下,加密运算需要使用密钥,即位序列。对于不对称密钥加密术,将装置与包含公共密钥和私用密钥的唯一永久密钥对相关联。
此外,不对称密钥加密术通常利用根证明。“根证明”是最初产生数字证明链时的公共密钥,并为随后所有的数字证明提供起始点。通常,“数字证明”包括用来验证信息发送者的信息。例如,根据CCITTRecommendation X.509:The Directory-Authentication Framework(1988),数字证明可以包括关于被验证的,即利用认证机关的私用密钥进行加密的个人或团体的信息(如密钥)。“认证机关”的例子包括原始设备制造商(OEM)、软件销售者、商贸协会、政府机构、银行或其它委托公司或个人。“数字证明链”包括如下所述的为认证而安排的两个或更多个数字证明的规则序列(ordered sequence),其中每个连续的证明代表先前证明的发出者。
“数字签名”包括利用其签署人的一个私用密钥签署的数字信息,以保证该数字信息在数字签署后没有被非法修改过。可以以其完整形式,或者以由单向散列运算产生的散列值来提供该数字信息。
“散列运算”是将信息单向变换为被称为“散列值”的固定长度的表示。通常,该散列值在尺寸上充分小于原始信息。在有些情况下,可以进行1∶1的原始信息变换。术语“单向”是指不易有反函数来恢复该固定长度的散列值的原始信息中任何可辨别的部分。散列函数的例子包括California Redwood City的RSA Data Security提供的MD5,或Secure Hash Algorithm(SHA-1),如1995年出版的标题为“FederalInformation Processing Standards Publication”的Secure HashStandard FIPS 180-1(1995年4月17日)所述的那样。
参考图1,图中显示了利用本发明的系统100的说明性实施方案方框图。系统100包括第一平台110和第二平台120。第一平台110是通过链路130与第二平台120进行通讯。“链路”被概括定义为一个或多个信息载运媒体(如电线、光纤、电缆、总线或无线信号技术)。当用户请求时,第一平台110产生并向第二平台120发送化名公共密钥140(下面描述)。在响应中,当可适用时,第二平台负责确认该化名公共密钥140是在第一平台110中由委托装置150产生。
现在参考图2,在一个实施方案中,委托装置150包括硬件和/或保护的软件。当采用访问控制方案来防止未授权的对软件的任何例程或子例程进行访问时,认为软件是“受保护的”。更具体地讲,装置150是一个或多个防止其它逻辑的窜改和窃取的集成电路。可以将该集成电路放置在一个单一集成电路(IC)组件或多IC组件中。组件提供附加的窜改保护。当然,如果不需附加的保护,可以采用没有任何IC组件的装置150。
这里,装置150包括处理单元200和永久存储器210(如非易失存储器、电池支持的随机存取存储器“RAM”等)。处理单元200是由内部处理信息的软件来控制的硬件。例如,处理单元200可以进行散列运算、进行逻辑运算(如乘法、除法等)、和/或通过使用数字签名算法进行数字签署信息来产生数字签名。永久存储器210包含在制造过程中编程的唯一的不对称密钥对220。用于核实化名,不对称密钥对220包括公共密钥(PUKP1)230和私用密钥(PRKP1)240。永久存储器210可以进一步包括第二平台120的公共密钥250(PUKP2),尽管如果可适用的话它可以被放置在装置150中的易失存储器(如RAM、寄存器组等)中。
在该实施方案中,装置150进一步包括数(字)发生器260,如随机数发生器,或伪随机数发生器。数(字)发生器260负责产生比特流,至少部分地用于产生一个或多个化名。“化名”是另一密钥对形式的别名身份,该另一密钥对用来建立与另一个平台的受保护的通讯,并确认其平台包括委托装置150。化名还支持询问/响应协议和许可绑定、保密和其它对特定平台的访问控制信息。但是,考虑数(字)发生器260也可从装置150的外部使用。在这种情况下,如果数(字)发生器260和装置150之间的通讯是受到保护的,则通过平台110可以实现更大的安全性。
参考图3,图中显示了说明化名的分配和使用的说明性实施方案的流程图。为了充分保护用户的机密,用户应当切实控制化名的产生、分配和删除。这样,响应用户明确应允,产生新的化名(程序块300和310)。而且,为了访问用来识别现有化名的信息(如标记、公共密钥等),需要用户明确的应允(程序块320和330)。可以通过向委托装置提供一个许可短语(pass-phrase)(如包含文字和数字的字符串)、令牌和/或生物统计特征,来给出明确的用户应允。例如,在一个实施方案中,可以通过一个用户输入装置(如键盘、鼠标、小键盘、操纵杆、触摸垫、轨迹球等)来输入用户许可短语,并将其传送到委托装置。在另一个实施方案中,逻辑电路外部的存储器可以包含通过用户的许可短语的散列值加密的化名。这些化名中的任何一个都可以通过再次提供用户的许可短语来解密供使用。
一旦产生了化名并配置用于与远程平台进行通讯,对于平台/平台的通讯,只要用户选择保持该化名,那么该化名就代表持久平台身份(程序块340,350和360)。
参考图4和5,图中显示了产生和验证化名的说明性实施方案的流程图。开始,接收到用户的请求时,由装置结合一数(字)来产生化名(程序块400)。个化名公共密钥(PPUKP1)被放置到数字证明模板中(程序块405)。该数字证明模板可以内部地存储在第一平台中,或由第二平台根据第一平台的证明请求来提供。因此,该数字证明模板经过散列运算,产生证明散列值(程序块410)。
随后,该证明散列值经过一个类似于美国专利No.4,759,063和4,759,064中所描述的变换,来创建一个“不可见的”证明散列值(程序块415)。特别是,将该证明散列值乘以伪随机数(例如预定数的伪随机选择的幂)。该伪随机幂在第一平台中是保密的(如放置在图2中的永久存储器210中)。
产生至少包括该变换的(或不可见的)证明散列值的证明请求(程序块420)。利用第一平台的私用密钥(PRKP1)来数字签署该证明请求(程序块425)。检索或产生装置证明,即第一实施方案中包含第一平台的公共密钥(PUKP1)的数字证明链,伴随签署的证明请求(程序块430)。在该实施方案中,装置证明的特征是具有包含PUKP1的高层证明和包括根证明的最低层证明。当然,该装置证明可以是包含PUKP1的单一数字证明。签署的证明请求和装置证明都利用第二平台的公共密钥(PUKP2)来加密,然后传送到第二平台(程序块435和440)。
在第二平台中,签署的证明请求和装置证明在利用第二平台的私用密钥(PRKP2)解密后被恢复(程序块445)。可以利用负责签署装置证明的证明机关的公共密钥来获得第一平台的公共密钥(PUKP1)(程序块450)。如果第二平台可以恢复证明请求,则第二平台对装置证明进行验证回到根证明(程序块455和460)。如果恢复了证明请求并验证了装置证明,则数字签署变换的(或不可见的)证明散列值,以产生“签署结果”(程序块465)。否则,如果不能确定变换的(或不可见的)证明散列值,或不能验证装置证明,则向第一平台返回出错消息(程序块470)。
从第二平台接收到签署结果时,第一平台对该信号结果进行一个反变换。例如,在该说明性实施方案中,第一平台将签署结果除以伪随机数(例如预定数的伪随机数反幂)的倒数,来恢复证明散列值的数字签名(程序块475和480)。该数字签名与一个或多个化名一同存储,用于以后与其它平台的通讯,来确定第一平台包括委托装置。
虽然参照说明性的实施方案对本发明进行了描述,但该说明不要被限制性地进行解释。对说明性实施方案的各种修改以及本发明的其它实施方案,只要对本领域技术人员而言明显的,都被认为是在本发明的精神和范围内。
Claims (20)
1.一种方法,包括:
在第一平台中产生一包含一公共化名密钥的化名,其中该化名可被产生、分配并删除,一第一密钥对驻留在一永久存储器中,第一密钥对包括第一平台的私用密钥和第一平台的公共密钥,所述公共化名密钥与第一平台的公共密钥分离;
将该公共化名密钥放入一数字证明模板中;
对该数字证明模板进行一散列运算,产生一证明散列值;
对该证明散列值进行一变换,用于从第一平台到第二平台的传送;
从第二平台接收一签署结果,该结果是用于变换的证明散列值的数字签名;和
在第一平台中对该签署结果进行一反变换,以恢复该证明散列值的一数字签名,
其中在接收数字签名之前,利用第一平台的所述私用密钥,数字签署一包括变换的证明散列值的证明请求,来产生一签署的证明请求;
与该签署的证明请求一起,获得一装置证明,即包括第一平台的所述公共密钥的数字证明链;以及
将签署的证明请求和装置证明加密并传送到第二平台。
2.依照权利要求1的方法,其中产生化名的步骤包括产生公共化名密钥和一对应于该公共化名密钥的私用化名密钥,其中所述私用化名密钥与第一平台的公共密钥分离。
3.依照权利要求1的方法,其中将该公共化名密钥放入一数字证明模板中的步骤包括将该公共化名密钥写入到数字证明模板的一字段中。
4.依照权利要求1的方法,其中进行变换的步骤包括:
利用一伪随机数对证明散列值进行一逻辑运算,以产生一不同于证明散列值的值。
5.依照权利要求4的方法,其中该伪随机数是一预定数值的由一伪随机值指定的相反次幂。
6.依照权利要求5的方法,其中该伪随机值被存储在安全存储器中。
7.依照权利要求4的方法,其中进行反变换的步骤包括利用伪随机数的倒数对签署结果进行一逻辑运算。
8.依照权利要求1的方法,进一步包括:
存储该证明散列值的数字签名,用于此后在第一平台和第二平台之间的通讯。
9.依照权利要求1-8中任何一项的方法,进一步包括:
在所述永久存储器中存储所述化名和数字签名。
10.依照权利要求9的方法,进一步包括:
利用一数字发生器辅助产生所述化名。
11.一种装置,包括:
用于在第一平台中产生一包含一公共化名密钥的化名的单元,其中该化名可被产生、分配并删除,一第一密钥对驻留在一永久存储器中,第一密钥对包括第一平台的私用密钥和第一平台的公共密钥,所述公共化名密钥与第一平台的公共密钥分离;
用于将该公共化名密钥放入一数字证明模板中的单元;
用于对该数字证明模板进行一散列运算、产生一证明散列值的单元;
用于对该证明散列值进行一变换、用于从第一平台到第二平台的传送的单元;
用于从第二平台接收一签署结果的单元,该结果是用于变换的证明散列值的数字签名;和
用于在第一平台中对该签署结果进行一反变换、以恢复该证明散列值的一数字签名的单元,
其中所述装置还包括:
用于在接收数字签名之前利用第一平台的所述私用密钥、数字签署一包括变换的证明散列值的证明请求、来产生一签署的证明请求的单元;
用于在接收数字签名之前与该签署的证明请求一起、获得一装置证明、即一包括一第一平台的所述公共密钥的数字证明链的单元;以及
用于在接收数字签名之前将签署的证明请求和装置证明加密并传送到一第二平台的单元。
12.依照权利要求11的装置,其中用于产生化名的单元包括用于产生公共化名密钥和一对应于该公共化名密钥的私用化名密钥的单元,其中所述私用化名密钥与第一平台的公共密钥分离。
13.依照权利要求11的装置,其中用于将该公共化名密钥放入一数字证明模板中的单元包括用于将该公共化名密钥写入到数字证明模板的一字段中的单元。
14.依照权利要求11的装置,其中用于进行变换的单元包括:
用于利用一伪随机数对证明散列值进行一逻辑运算、以产生一不同于证明散列值的值的单元。
15.依照权利要求14的装置,其中该伪随机数是一预定数值的由一伪随机值指定的相反次幂。
16.依照权利要求15的装置,其中该伪随机值被存储在安全存储器中。
17.依照权利要求14的装置,其中用于进行反变换的单元包括用于利用伪随机数的倒数对签署结果进行一逻辑运算的单元。
18.依照权利要求11的装置,进一步包括:
用于存储该证明散列值的数字签名、用于此后在第一平台和第二平台之间的通讯的单元。
19.依照权利要求11-18中任何一项的装置,进一步包括:
用于在所述永久存储器中存储所述化名和数字签名的单元。
20.如权利要求19所述的装置,进一步包括:
用于利用一数字发生器辅助产生所述化名的单元。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/605605 | 2000-06-28 | ||
US09/605,605 US6976162B1 (en) | 2000-06-28 | 2000-06-28 | Platform and method for establishing provable identities while maintaining privacy |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN01811981.6A Division CN1439207A (zh) | 2000-06-28 | 2001-06-14 | 用于建立可核查身份而又保密的平台和方法 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102111274A CN102111274A (zh) | 2011-06-29 |
CN102111274B true CN102111274B (zh) | 2014-07-02 |
Family
ID=24424404
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110050584.XA Expired - Fee Related CN102111274B (zh) | 2000-06-28 | 2001-06-14 | 用于建立可核查身份而又保密的平台和方法 |
CN01811981.6A Pending CN1439207A (zh) | 2000-06-28 | 2001-06-14 | 用于建立可核查身份而又保密的平台和方法 |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN01811981.6A Pending CN1439207A (zh) | 2000-06-28 | 2001-06-14 | 用于建立可核查身份而又保密的平台和方法 |
Country Status (5)
Country | Link |
---|---|
US (2) | US6976162B1 (zh) |
EP (1) | EP1297655A2 (zh) |
CN (2) | CN102111274B (zh) |
AU (1) | AU2001266942A1 (zh) |
WO (1) | WO2002001794A2 (zh) |
Families Citing this family (56)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020049681A1 (en) * | 2000-07-20 | 2002-04-25 | International Business Machines Corporation | Secure anonymous verification, generation and/or proof of ownership of electronic receipts |
JP2003228915A (ja) * | 2002-02-01 | 2003-08-15 | Sony Corp | 再生制御方法、プログラム、記録媒体 |
US7124273B2 (en) | 2002-02-25 | 2006-10-17 | Intel Corporation | Method and apparatus for translating guest physical addresses in a virtual machine environment |
US7069442B2 (en) | 2002-03-29 | 2006-06-27 | Intel Corporation | System and method for execution of a secured environment initialization instruction |
US7165181B2 (en) * | 2002-11-27 | 2007-01-16 | Intel Corporation | System and method for establishing trust without revealing identity |
US7461260B2 (en) * | 2002-12-31 | 2008-12-02 | Intel Corporation | Methods and apparatus for finding a shared secret without compromising non-shared secrets |
US7370212B2 (en) | 2003-02-25 | 2008-05-06 | Microsoft Corporation | Issuing a publisher use license off-line in a digital rights management (DRM) system |
CN100337442C (zh) * | 2003-06-27 | 2007-09-12 | 华为技术有限公司 | 一种在无线局域网中进行数据完整性保护的方法 |
US8079034B2 (en) | 2003-09-15 | 2011-12-13 | Intel Corporation | Optimizing processor-managed resources based on the behavior of a virtual machine monitor |
US7739521B2 (en) | 2003-09-18 | 2010-06-15 | Intel Corporation | Method of obscuring cryptographic computations |
EP1673675A2 (en) * | 2003-10-17 | 2006-06-28 | International Business Machines Corporation | Method and system for user attestation-signatures with attributes |
US7822689B2 (en) * | 2003-10-17 | 2010-10-26 | International Business Machines Corporation | Maintaining privacy for transactions performable by a user device having a security module |
US8156343B2 (en) | 2003-11-26 | 2012-04-10 | Intel Corporation | Accessing private data about the state of a data processing machine from storage that is publicly accessible |
US8037314B2 (en) | 2003-12-22 | 2011-10-11 | Intel Corporation | Replacing blinded authentication authority |
US20060242406A1 (en) | 2005-04-22 | 2006-10-26 | Microsoft Corporation | Protected computing environment |
US7298872B2 (en) * | 2004-08-17 | 2007-11-20 | Shawn Glisson | Electronic identification system for form location, organization, and endorsment |
US8347078B2 (en) * | 2004-10-18 | 2013-01-01 | Microsoft Corporation | Device certificate individualization |
US8176564B2 (en) | 2004-11-15 | 2012-05-08 | Microsoft Corporation | Special PC mode entered upon detection of undesired state |
US8464348B2 (en) | 2004-11-15 | 2013-06-11 | Microsoft Corporation | Isolated computing environment anchored into CPU and motherboard |
US8336085B2 (en) | 2004-11-15 | 2012-12-18 | Microsoft Corporation | Tuning product policy using observed evidence of customer behavior |
US8924728B2 (en) | 2004-11-30 | 2014-12-30 | Intel Corporation | Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information |
US8533777B2 (en) | 2004-12-29 | 2013-09-10 | Intel Corporation | Mechanism to determine trust of out-of-band management agents |
US8438645B2 (en) | 2005-04-27 | 2013-05-07 | Microsoft Corporation | Secure clock with grace periods |
US8725646B2 (en) | 2005-04-15 | 2014-05-13 | Microsoft Corporation | Output protection levels |
US9363481B2 (en) | 2005-04-22 | 2016-06-07 | Microsoft Technology Licensing, Llc | Protected media pipeline |
US9436804B2 (en) | 2005-04-22 | 2016-09-06 | Microsoft Technology Licensing, Llc | Establishing a unique session key using a hardware functionality scan |
US20060265758A1 (en) | 2005-05-20 | 2006-11-23 | Microsoft Corporation | Extensible media rights |
US8353046B2 (en) | 2005-06-08 | 2013-01-08 | Microsoft Corporation | System and method for delivery of a modular operating system |
ATE374478T1 (de) * | 2005-08-05 | 2007-10-15 | Sap Ag | System und verfahren für das erneuern von schlüsseln, welche in public-key kryptographie genutzt werden |
US7809957B2 (en) | 2005-09-29 | 2010-10-05 | Intel Corporation | Trusted platform module for generating sealed data |
US20070226514A1 (en) * | 2006-03-24 | 2007-09-27 | Atmel Corporation | Secure biometric processing system and method of use |
US20070237366A1 (en) * | 2006-03-24 | 2007-10-11 | Atmel Corporation | Secure biometric processing system and method of use |
US7849312B2 (en) * | 2006-03-24 | 2010-12-07 | Atmel Corporation | Method and system for secure external TPM password generation and use |
KR20080058833A (ko) * | 2006-12-22 | 2008-06-26 | 삼성전자주식회사 | 개인 정보 보호 장치 및 방법 |
US7882358B2 (en) * | 2007-01-15 | 2011-02-01 | Microsoft Corporation | Reversible hashing for E-signature verification |
US8001383B2 (en) | 2007-02-01 | 2011-08-16 | Microsoft Corporation | Secure serial number |
US7958057B2 (en) * | 2007-03-28 | 2011-06-07 | King Fahd University Of Petroleum And Minerals | Virtual account based new digital cash protocols with combined blind digital signature and pseudonym authentication |
KR101427646B1 (ko) * | 2007-05-14 | 2014-09-23 | 삼성전자주식회사 | 펌웨어의 무결성 검사 방법 및 장치 |
US7877331B2 (en) * | 2007-09-06 | 2011-01-25 | King Fahd University Of Petroleum & Minerals | Token based new digital cash protocols with combined blind digital signature and pseudonym authentication |
US20110289322A1 (en) * | 2007-12-14 | 2011-11-24 | Rasti Mehran | Protected use of identity identifier objects |
CN101394268B (zh) * | 2008-09-12 | 2011-05-18 | 华南理工大学 | 基于广义信息域的高级加密系统及方法 |
CN102082664A (zh) * | 2009-11-30 | 2011-06-01 | 腾讯科技(深圳)有限公司 | 网络数据安全传输系统及方法 |
US20130031180A1 (en) * | 2010-04-16 | 2013-01-31 | Nokia Siemens Networks Oy | Virtual identities |
WO2011153539A1 (en) * | 2010-06-04 | 2011-12-08 | Northwestern University | Pseudonymous public keys based authentication |
GB2496841B (en) * | 2011-11-15 | 2016-07-20 | Rosberg System As | Method of securing a computing device |
WO2015163920A1 (en) * | 2014-04-25 | 2015-10-29 | Hewlett-Packard Development Company, L.P. | Configuration based on a blueprint |
CN105610848B (zh) * | 2016-01-08 | 2018-05-25 | 北京工业大学 | 具备源数据安全保障机制的集中式数据保全方法及系统 |
US20190014095A1 (en) * | 2017-07-06 | 2019-01-10 | At&T Intellectual Property I, L.P. | Facilitating provisioning of an out-of-band pseudonym over a secure communication channel |
WO2019152994A1 (en) * | 2018-02-05 | 2019-08-08 | Lg Electronics, Inc. | Cryptographic methods and systems using blinded activation codes for digital certificate revocation |
US10841080B2 (en) * | 2018-03-20 | 2020-11-17 | International Business Machines Corporation | Oblivious pseudorandom function in a key management system |
US10887088B2 (en) * | 2018-03-20 | 2021-01-05 | International Business Machines Corporation | Virtualizing a key hierarchy using a partially-oblivious pseudorandom function (P-OPRF) |
US10887293B2 (en) | 2018-03-20 | 2021-01-05 | International Business Machines Corporation | Key identifiers in an obliviousness pseudorandom function (OPRF)-based key management service (KMS) |
US11115206B2 (en) | 2018-08-23 | 2021-09-07 | International Business Machines Corporation | Assymetric structured key recovering using oblivious pseudorandom function |
US10924267B2 (en) | 2018-08-24 | 2021-02-16 | International Business Machines Corporation | Validating keys derived from an oblivious pseudorandom function |
US11301583B2 (en) * | 2019-10-09 | 2022-04-12 | Mastercard International Incorporated | Method and system for protection of customer PII via cryptographic tokens |
CN113486388B (zh) * | 2021-09-06 | 2021-11-26 | 江苏翔晟信息技术股份有限公司 | 基于分离式秘钥存储的电子签章签署系统及方法 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4759064A (en) * | 1985-10-07 | 1988-07-19 | Chaum David L | Blind unanticipated signature systems |
US5606617A (en) * | 1994-10-14 | 1997-02-25 | Brands; Stefanus A. | Secret-key certificates |
Family Cites Families (201)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3699532A (en) | 1970-04-21 | 1972-10-17 | Singer Co | Multiprogramming control for a data handling system |
US3996449A (en) | 1975-08-25 | 1976-12-07 | International Business Machines Corporation | Operating system authenticator |
US4162536A (en) | 1976-01-02 | 1979-07-24 | Gould Inc., Modicon Div. | Digital input/output system and method |
US4037214A (en) | 1976-04-30 | 1977-07-19 | International Business Machines Corporation | Key register controlled accessing system |
US4247905A (en) * | 1977-08-26 | 1981-01-27 | Sharp Kabushiki Kaisha | Memory clear system |
US4278837A (en) | 1977-10-31 | 1981-07-14 | Best Robert M | Crypto microprocessor for executing enciphered programs |
US4276594A (en) * | 1978-01-27 | 1981-06-30 | Gould Inc. Modicon Division | Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and method for performing the same |
US4207609A (en) | 1978-05-08 | 1980-06-10 | International Business Machines Corporation | Method and means for path independent device reservation and reconnection in a multi-CPU and shared device access system |
JPS5576447A (en) | 1978-12-01 | 1980-06-09 | Fujitsu Ltd | Address control system for software simulation |
US4307447A (en) | 1979-06-19 | 1981-12-22 | Gould Inc. | Programmable controller |
US4319323A (en) * | 1980-04-04 | 1982-03-09 | Digital Equipment Corporation | Communications device for data processing system |
US4419724A (en) | 1980-04-14 | 1983-12-06 | Sperry Corporation | Main bus interface package |
US4366537A (en) | 1980-05-23 | 1982-12-28 | International Business Machines Corp. | Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys |
US4403283A (en) | 1980-07-28 | 1983-09-06 | Ncr Corporation | Extended memory system and method |
DE3034581A1 (de) | 1980-09-13 | 1982-04-22 | Robert Bosch Gmbh, 7000 Stuttgart | Auslesesicherung bei einchip-mikroprozessoren |
JPS58140862A (ja) | 1982-02-16 | 1983-08-20 | Toshiba Corp | 相互排他方式 |
US4521852A (en) * | 1982-06-30 | 1985-06-04 | Texas Instruments Incorporated | Data processing device formed on a single semiconductor substrate having secure memory |
JPS59111561A (ja) * | 1982-12-17 | 1984-06-27 | Hitachi Ltd | 複合プロセツサ・システムのアクセス制御方式 |
US4759063A (en) * | 1983-08-22 | 1988-07-19 | Chaum David L | Blind signature systems |
GB8414518D0 (en) * | 1984-06-07 | 1984-07-11 | Pfizer Ltd | Therapeutic agents |
US4975836A (en) | 1984-12-19 | 1990-12-04 | Hitachi, Ltd. | Virtual computer system |
JPS61206057A (ja) | 1985-03-11 | 1986-09-12 | Hitachi Ltd | アドレス変換装置 |
FR2592510B1 (fr) * | 1985-12-31 | 1988-02-12 | Bull Cp8 | Procede et appareil pour certifier des services obtenus a l'aide d'un support portatif tel qu'une carte a memoire |
FR2601525B1 (fr) | 1986-07-11 | 1988-10-21 | Bull Cp8 | Dispositif de securite interdisant le fonctionnement d'un ensemble electronique apres une premiere coupure de son alimentation electrique |
FR2601476B1 (fr) * | 1986-07-11 | 1988-10-21 | Bull Cp8 | Procede pour authentifier une donnee d'habilitation externe par un objet portatif tel qu'une carte a memoire |
FR2601535B1 (fr) * | 1986-07-11 | 1988-10-21 | Bull Cp8 | Procede pour certifier l'authenticite d'une donnee echangee entre deux dispositifs connectes en local ou a distance par une ligne de transmission |
FR2618002B1 (fr) * | 1987-07-10 | 1991-07-05 | Schlumberger Ind Sa | Procede et systeme d'authentification de cartes a memoire electronique |
US5007082A (en) * | 1988-08-03 | 1991-04-09 | Kelly Services, Inc. | Computer software encryption apparatus |
US5079737A (en) * | 1988-10-25 | 1992-01-07 | United Technologies Corporation | Memory management unit for the MIL-STD 1750 bus |
US5434999A (en) | 1988-11-09 | 1995-07-18 | Bull Cp8 | Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal |
FR2640798B1 (fr) | 1988-12-20 | 1993-01-08 | Bull Cp8 | Dispositif de traitement de donnees comportant une memoire non volatile electriquement effacable et reprogrammable |
JPH02171934A (ja) | 1988-12-26 | 1990-07-03 | Hitachi Ltd | 仮想計算機システム |
JPH02208740A (ja) | 1989-02-09 | 1990-08-20 | Fujitsu Ltd | 仮想計算機制御方式 |
US5442645A (en) | 1989-06-06 | 1995-08-15 | Bull Cp8 | Method for checking the integrity of a program or data, and apparatus for implementing this method |
JP2590267B2 (ja) * | 1989-06-30 | 1997-03-12 | 株式会社日立製作所 | 仮想計算機における表示制御方式 |
US5022077A (en) * | 1989-08-25 | 1991-06-04 | International Business Machines Corp. | Apparatus and method for preventing unauthorized access to BIOS in a personal computer system |
JP2825550B2 (ja) | 1989-09-21 | 1998-11-18 | 株式会社日立製作所 | 多重仮想空間アドレス制御方法および計算機システム |
CA2010591C (en) | 1989-10-20 | 1999-01-26 | Phillip M. Adams | Kernels, description tables and device drivers |
CA2027799A1 (en) | 1989-11-03 | 1991-05-04 | David A. Miller | Method and apparatus for independently resetting processors and cache controllers in multiple processor systems |
US5075842A (en) | 1989-12-22 | 1991-12-24 | Intel Corporation | Disabling tag bit recognition and allowing privileged operations to occur in an object-oriented memory protection mechanism |
EP0473913A3 (en) | 1990-09-04 | 1992-12-16 | International Business Machines Corporation | Method and apparatus for providing a service pool of virtual machines for a plurality of vm users |
US5108590A (en) | 1990-09-12 | 1992-04-28 | Disanto Dennis | Water dispenser |
US5230069A (en) | 1990-10-02 | 1993-07-20 | International Business Machines Corporation | Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virtual machine computer system |
US5317705A (en) * | 1990-10-24 | 1994-05-31 | International Business Machines Corporation | Apparatus and method for TLB purge reduction in a multi-level machine system |
US5287363A (en) | 1991-07-01 | 1994-02-15 | Disk Technician Corporation | System for locating and anticipating data storage media failures |
US5437033A (en) | 1990-11-16 | 1995-07-25 | Hitachi, Ltd. | System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode |
US5255379A (en) | 1990-12-28 | 1993-10-19 | Sun Microsystems, Inc. | Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 80486 processor |
US5453003A (en) * | 1991-01-09 | 1995-09-26 | Pfefferle; William C. | Catalytic method |
US5551033A (en) | 1991-05-17 | 1996-08-27 | Zenith Data Systems Corporation | Apparatus for maintaining one interrupt mask register in conformity with another in a manner invisible to an executing program |
JPH04348434A (ja) | 1991-05-27 | 1992-12-03 | Hitachi Ltd | 仮想計算機システム |
US5319760A (en) * | 1991-06-28 | 1994-06-07 | Digital Equipment Corporation | Translation buffer for virtual machines with address space match |
US5522075A (en) * | 1991-06-28 | 1996-05-28 | Digital Equipment Corporation | Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces |
US5455909A (en) | 1991-07-05 | 1995-10-03 | Chips And Technologies Inc. | Microprocessor with operation capture facility |
JPH06236284A (ja) * | 1991-10-21 | 1994-08-23 | Intel Corp | コンピュータシステム処理状態を保存及び復元する方法及びコンピュータシステム |
US5627987A (en) * | 1991-11-29 | 1997-05-06 | Kabushiki Kaisha Toshiba | Memory management and protection system for virtual memory in computer system |
US5574936A (en) | 1992-01-02 | 1996-11-12 | Amdahl Corporation | Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB) in a computer system |
US5486529A (en) * | 1992-04-16 | 1996-01-23 | Zeneca Limited | Certain pyridyl ketones for treating diseases involving leukocyte elastase |
US5421006A (en) * | 1992-05-07 | 1995-05-30 | Compaq Computer Corp. | Method and apparatus for assessing integrity of computer system software |
US5610981A (en) | 1992-06-04 | 1997-03-11 | Integrated Technologies Of America, Inc. | Preboot protection for a data security system with anti-intrusion capability |
US5237616A (en) | 1992-09-21 | 1993-08-17 | International Business Machines Corporation | Secure computer system having privileged and unprivileged memories |
US5293424A (en) * | 1992-10-14 | 1994-03-08 | Bull Hn Information Systems Inc. | Secure memory card |
US5796835A (en) | 1992-10-27 | 1998-08-18 | Bull Cp8 | Method and system for writing information in a data carrier making it possible to later certify the originality of this information |
EP0600112A1 (de) | 1992-11-30 | 1994-06-08 | Siemens Nixdorf Informationssysteme Aktiengesellschaft | Datenverarbeitungsanlage mit virtueller Speicheradressierung und schlüsselgesteuertem Speicherzugriff |
JP2765411B2 (ja) * | 1992-11-30 | 1998-06-18 | 株式会社日立製作所 | 仮想計算機方式 |
US5668971A (en) | 1992-12-01 | 1997-09-16 | Compaq Computer Corporation | Posted disk read operations performed by signalling a disk read complete to the system prior to completion of data transfer |
EP0602867A1 (en) | 1992-12-17 | 1994-06-22 | NCR International, Inc. | An apparatus for securing a system platform |
JPH06187178A (ja) | 1992-12-18 | 1994-07-08 | Hitachi Ltd | 仮想計算機システムの入出力割込み制御方法 |
US5483656A (en) | 1993-01-14 | 1996-01-09 | Apple Computer, Inc. | System for managing power consumption of devices coupled to a common bus |
US5469557A (en) | 1993-03-05 | 1995-11-21 | Microchip Technology Incorporated | Code protection in microcontroller with EEPROM fuses |
FR2703800B1 (fr) | 1993-04-06 | 1995-05-24 | Bull Cp8 | Procédé de signature d'un fichier informatique, et dispositif pour la mise en Óoeuvre. |
FR2704341B1 (fr) | 1993-04-22 | 1995-06-02 | Bull Cp8 | Dispositif de protection des clés d'une carte à puce. |
JPH06348867A (ja) * | 1993-06-04 | 1994-12-22 | Hitachi Ltd | マイクロコンピュータ |
FR2706210B1 (fr) * | 1993-06-08 | 1995-07-21 | Bull Cp8 | Procédé d'authentification d'un objet portatif par un terminal hors ligne, objet portatif et terminal correspondants. |
NL9301348A (nl) | 1993-08-02 | 1995-03-01 | Stefanus Alfonsus Brands | Elektronisch betalingssysteem. |
US5555385A (en) | 1993-10-27 | 1996-09-10 | International Business Machines Corporation | Allocation of address spaces within virtual machine compute system |
US5825880A (en) | 1994-01-13 | 1998-10-20 | Sudia; Frank W. | Multi-step digital signature method and system |
US5459869A (en) | 1994-02-17 | 1995-10-17 | Spilo; Michael L. | Method for providing protected mode services for device drivers and other resident software |
US5511121A (en) * | 1994-02-23 | 1996-04-23 | Bell Communications Research, Inc. | Efficient electronic money |
US5604805A (en) | 1994-02-28 | 1997-02-18 | Brands; Stefanus A. | Privacy-protected transfer of electronic information |
FR2717286B1 (fr) * | 1994-03-09 | 1996-04-05 | Bull Cp8 | Procédé et dispositif pour authentifier un support de données destiné à permettre une transaction ou l'accès à un service ou à un lieu, et support correspondant. |
US5684881A (en) | 1994-05-23 | 1997-11-04 | Matsushita Electric Industrial Co., Ltd. | Sound field and sound image control apparatus and method |
US5473692A (en) | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
US5539828A (en) | 1994-05-31 | 1996-07-23 | Intel Corporation | Apparatus and method for providing secured communications |
US5533123A (en) | 1994-06-28 | 1996-07-02 | National Semiconductor Corporation | Programmable distributed personal security |
JPH0883211A (ja) | 1994-09-12 | 1996-03-26 | Mitsubishi Electric Corp | データ処理装置 |
DE69534757T2 (de) | 1994-09-15 | 2006-08-31 | International Business Machines Corp. | System und Verfahren zur sicheren Speicherung und Verteilung von Daten unter Verwendung digitaler Unterschriften |
US6058478A (en) * | 1994-09-30 | 2000-05-02 | Intel Corporation | Apparatus and method for a vetted field upgrade |
FR2725537B1 (fr) | 1994-10-11 | 1996-11-22 | Bull Cp8 | Procede de chargement d'une zone memoire protegee d'un dispositif de traitement de l'information et dispositif associe |
US5903752A (en) * | 1994-10-13 | 1999-05-11 | Intel Corporation | Method and apparatus for embedding a real-time multi-tasking kernel in a non-real-time operating system |
US5564040A (en) | 1994-11-08 | 1996-10-08 | International Business Machines Corporation | Method and apparatus for providing a server function in a logically partitioned hardware machine |
US5560013A (en) | 1994-12-06 | 1996-09-24 | International Business Machines Corporation | Method of using a target processor to execute programs of a source architecture that uses multiple address spaces |
US5555414A (en) | 1994-12-14 | 1996-09-10 | International Business Machines Corporation | Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals |
US5615263A (en) * | 1995-01-06 | 1997-03-25 | Vlsi Technology, Inc. | Dual purpose security architecture with protected internal operating system |
US5764969A (en) * | 1995-02-10 | 1998-06-09 | International Business Machines Corporation | Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions with partial concept synchronization |
FR2731536B1 (fr) * | 1995-03-10 | 1997-04-18 | Schlumberger Ind Sa | Procede d'inscription securisee d'informations dans un support portable |
WO1996031034A1 (en) * | 1995-03-27 | 1996-10-03 | Stefanus Alfonsus Brands | System for ensuring that the blinding of secret-key certificates is restricted, even if the issuing protocol is performed in parallel mode |
US5717903A (en) * | 1995-05-15 | 1998-02-10 | Compaq Computer Corporation | Method and appartus for emulating a peripheral device to allow device driver development before availability of the peripheral device |
CN1104118C (zh) | 1995-05-19 | 2003-03-26 | 西门子公司 | 计算机支持的在两个计算机之间的密码交换方法 |
JP3451595B2 (ja) | 1995-06-07 | 2003-09-29 | インターナショナル・ビジネス・マシーンズ・コーポレーション | 二つの別個の命令セット・アーキテクチャへの拡張をサポートすることができるアーキテクチャ・モード制御を備えたマイクロプロセッサ |
US5684948A (en) | 1995-09-01 | 1997-11-04 | National Semiconductor Corporation | Memory management circuit which provides simulated privilege levels |
US5633929A (en) | 1995-09-15 | 1997-05-27 | Rsa Data Security, Inc | Cryptographic key escrow system having reduced vulnerability to harvesting attacks |
US5737760A (en) * | 1995-10-06 | 1998-04-07 | Motorola Inc. | Microcontroller with security logic circuit which prevents reading of internal memory by external program |
US6093213A (en) | 1995-10-06 | 2000-07-25 | Advanced Micro Devices, Inc. | Flexible implementation of a system management mode (SMM) in a processor |
US5901229A (en) | 1995-11-06 | 1999-05-04 | Nippon Telegraph And Telephone Corp. | Electronic cash implementing method using a trustee |
JP3693721B2 (ja) * | 1995-11-10 | 2005-09-07 | Necエレクトロニクス株式会社 | フラッシュメモリ内蔵マイクロコンピュータ及びそのテスト方法 |
US5657445A (en) | 1996-01-26 | 1997-08-12 | Dell Usa, L.P. | Apparatus and method for limiting access to mass storage devices in a computer system |
US5835594A (en) | 1996-02-09 | 1998-11-10 | Intel Corporation | Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage |
US5878138A (en) * | 1996-02-12 | 1999-03-02 | Microsoft Corporation | System and method for detecting fraudulent expenditure of electronic assets |
US5809546A (en) | 1996-05-23 | 1998-09-15 | International Business Machines Corporation | Method for managing I/O buffers in shared storage by structuring buffer table having entries including storage keys for controlling accesses to the buffers |
US6178509B1 (en) * | 1996-06-13 | 2001-01-23 | Intel Corporation | Tamper resistant methods and apparatus |
US6205550B1 (en) * | 1996-06-13 | 2001-03-20 | Intel Corporation | Tamper resistant methods and apparatus |
US6175925B1 (en) * | 1996-06-13 | 2001-01-16 | Intel Corporation | Tamper resistant player for scrambled contents |
US5729760A (en) * | 1996-06-21 | 1998-03-17 | Intel Corporation | System for providing first type access to register if processor in first mode and second type access to register if processor not in first mode |
US5944821A (en) | 1996-07-11 | 1999-08-31 | Compaq Computer Corporation | Secure software registration and integrity assessment in a computer system |
US6199152B1 (en) | 1996-08-22 | 2001-03-06 | Transmeta Corporation | Translated memory protection apparatus for an advanced microprocessor |
US5740178A (en) | 1996-08-29 | 1998-04-14 | Lucent Technologies Inc. | Software for controlling a reliable backup memory |
US6055637A (en) * | 1996-09-27 | 2000-04-25 | Electronic Data Systems Corporation | System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential |
US5844986A (en) | 1996-09-30 | 1998-12-01 | Intel Corporation | Secure BIOS |
US5935242A (en) | 1996-10-28 | 1999-08-10 | Sun Microsystems, Inc. | Method and apparatus for initializing a device |
US5872844A (en) * | 1996-11-18 | 1999-02-16 | Microsoft Corporation | System and method for detecting fraudulent expenditure of transferable electronic assets |
US5852717A (en) | 1996-11-20 | 1998-12-22 | Shiva Corporation | Performance optimizations for computer networks utilizing HTTP |
DE19649292A1 (de) * | 1996-11-28 | 1998-06-04 | Deutsche Telekom Ag | Verfahren zum Sichern eines durch eine Schlüsselhierarchie geschützten Systems |
US5901225A (en) * | 1996-12-05 | 1999-05-04 | Advanced Micro Devices, Inc. | System and method for performing software patches in embedded systems |
US5757919A (en) * | 1996-12-12 | 1998-05-26 | Intel Corporation | Cryptographically protected paging subsystem |
JP4000654B2 (ja) | 1997-02-27 | 2007-10-31 | セイコーエプソン株式会社 | 半導体装置及び電子機器 |
US6557104B2 (en) * | 1997-05-02 | 2003-04-29 | Phoenix Technologies Ltd. | Method and apparatus for secure processing of cryptographic keys |
US6044478A (en) | 1997-05-30 | 2000-03-28 | National Semiconductor Corporation | Cache with finely granular locked-down regions |
US6075938A (en) * | 1997-06-10 | 2000-06-13 | The Board Of Trustees Of The Leland Stanford Junior University | Virtual machine monitors for scalable multiprocessors |
US6175924B1 (en) | 1997-06-20 | 2001-01-16 | International Business Machines Corp. | Method and apparatus for protecting application data in secure storage areas |
US6035374A (en) | 1997-06-25 | 2000-03-07 | Sun Microsystems, Inc. | Method of executing coded instructions in a multiprocessor having shared execution resources including active, nap, and sleep states in accordance with cache miss latency |
US6584565B1 (en) | 1997-07-15 | 2003-06-24 | Hewlett-Packard Development Company, L.P. | Method and apparatus for long term verification of digital signatures |
US6014745A (en) * | 1997-07-17 | 2000-01-11 | Silicon Systems Design Ltd. | Protection for customer programs (EPROM) |
US6212635B1 (en) * | 1997-07-18 | 2001-04-03 | David C. Reardon | Network security system allowing access and modification to a security subsystem after initial installation when a master token is in place |
US5978475A (en) | 1997-07-18 | 1999-11-02 | Counterpane Internet Security, Inc. | Event auditing system |
DE19733662C2 (de) * | 1997-08-04 | 2001-05-23 | Deutsche Telekom Mobil | Verfahren und Vorrichtung zur kundenseitigen Personalisierung von GSM-Chips |
US5919257A (en) | 1997-08-08 | 1999-07-06 | Novell, Inc. | Networked workstation intrusion detection system |
DE19735948C1 (de) * | 1997-08-19 | 1998-10-01 | Siemens Nixdorf Inf Syst | Verfahren zur Verbesserung der Steuerungsmöglichkeit in Datenverarbeitungsanlagen mit Adreßübersetzung |
US5935247A (en) | 1997-09-18 | 1999-08-10 | Geneticware Co., Ltd. | Computer system having a genetic code that cannot be directly accessed and a method of maintaining the same |
US6182089B1 (en) * | 1997-09-23 | 2001-01-30 | Silicon Graphics, Inc. | Method, system and computer program product for dynamically allocating large memory pages of different sizes |
US6357004B1 (en) * | 1997-09-30 | 2002-03-12 | Intel Corporation | System and method for ensuring integrity throughout post-processing |
US6061794A (en) * | 1997-09-30 | 2000-05-09 | Compaq Computer Corp. | System and method for performing secure device communications in a peer-to-peer bus architecture |
US6219787B1 (en) | 1997-12-22 | 2001-04-17 | Texas Instruments Incorporated | Method and apparatus for extending security model to native code |
US6378072B1 (en) * | 1998-02-03 | 2002-04-23 | Compaq Computer Corporation | Cryptographic system |
US6108644A (en) | 1998-02-19 | 2000-08-22 | At&T Corp. | System and method for electronic transactions |
US6131166A (en) | 1998-03-13 | 2000-10-10 | Sun Microsystems, Inc. | System and method for cross-platform application level power management |
US6192455B1 (en) * | 1998-03-30 | 2001-02-20 | Intel Corporation | Apparatus and method for preventing access to SMRAM space through AGP addressing |
US6374286B1 (en) * | 1998-04-06 | 2002-04-16 | Rockwell Collins, Inc. | Real time processor capable of concurrently running multiple independent JAVA machines |
US6173417B1 (en) | 1998-04-30 | 2001-01-09 | Intel Corporation | Initializing and restarting operating systems |
US6397242B1 (en) * | 1998-05-15 | 2002-05-28 | Vmware, Inc. | Virtualization system including a virtual machine monitor for a computer with a segmented architecture |
DE69942712D1 (de) | 1998-05-29 | 2010-10-14 | Texas Instruments Inc | Sichere Rechnervorrichtung |
US6505279B1 (en) * | 1998-08-14 | 2003-01-07 | Silicon Storage Technology, Inc. | Microcontroller system having security circuitry to selectively lock portions of a program memory address space |
US6339815B1 (en) * | 1998-08-14 | 2002-01-15 | Silicon Storage Technology, Inc. | Microcontroller system having allocation circuitry to selectively allocate and/or hide portions of a program memory address space |
JP2000076139A (ja) | 1998-08-28 | 2000-03-14 | Nippon Telegr & Teleph Corp <Ntt> | 携帯型情報記憶媒体 |
US6363485B1 (en) * | 1998-09-09 | 2002-03-26 | Entrust Technologies Limited | Multi-factor biometric authenticating device and method |
US6230248B1 (en) | 1998-10-12 | 2001-05-08 | Institute For The Development Of Emerging Architectures, L.L.C. | Method and apparatus for pre-validating regions in a virtual addressing scheme |
US7194092B1 (en) | 1998-10-26 | 2007-03-20 | Microsoft Corporation | Key-based secure storage |
US6327652B1 (en) | 1998-10-26 | 2001-12-04 | Microsoft Corporation | Loading and identifying a digital rights management operating system |
US6609199B1 (en) | 1998-10-26 | 2003-08-19 | Microsoft Corporation | Method and apparatus for authenticating an open system application to a portable IC device |
US6282650B1 (en) | 1999-01-25 | 2001-08-28 | Intel Corporation | Secure public digital watermark |
US6560627B1 (en) | 1999-01-28 | 2003-05-06 | Cisco Technology, Inc. | Mutual exclusion at the record level with priority inheritance for embedded systems using one semaphore |
US7111290B1 (en) | 1999-01-28 | 2006-09-19 | Ati International Srl | Profiling program execution to identify frequently-executed portions and to assist binary translation |
US6188257B1 (en) | 1999-02-01 | 2001-02-13 | Vlsi Technology, Inc. | Power-on-reset logic with secure power down capability |
EP1030237A1 (en) | 1999-02-15 | 2000-08-23 | Hewlett-Packard Company | Trusted hardware device in a computer |
US7225333B2 (en) | 1999-03-27 | 2007-05-29 | Microsoft Corporation | Secure processor architecture for use with a digital rights management (DRM) system on a computing device |
US6615278B1 (en) | 1999-03-29 | 2003-09-02 | International Business Machines Corporation | Cross-platform program, system, and method having a global registry object for mapping registry equivalent functions in an OS/2 operating system environment |
US6684326B1 (en) | 1999-03-31 | 2004-01-27 | International Business Machines Corporation | Method and system for authenticated boot operations in a computer system of a networked computing environment |
US6651171B1 (en) | 1999-04-06 | 2003-11-18 | Microsoft Corporation | Secure execution of program code |
US6389537B1 (en) * | 1999-04-23 | 2002-05-14 | Intel Corporation | Platform and method for assuring integrity of trusted agent communications |
US6275933B1 (en) | 1999-04-30 | 2001-08-14 | 3Com Corporation | Security system for a computerized apparatus |
EP1055989A1 (en) | 1999-05-28 | 2000-11-29 | Hewlett-Packard Company | System for digitally signing a document |
EP1056014A1 (en) | 1999-05-28 | 2000-11-29 | Hewlett-Packard Company | System for providing a trustworthy user interface |
US6529909B1 (en) | 1999-08-31 | 2003-03-04 | Accenture Llp | Method for translating an object attribute converter in an information services patterns environment |
US6571171B1 (en) * | 1999-09-08 | 2003-05-27 | Rockwell Collins, Inc. | Method and apparatus for graphically inserting waypoints for a flight management system |
JP2001148344A (ja) | 1999-09-09 | 2001-05-29 | Nikon Corp | 露光装置、エネルギ源の出力制御方法、該方法を用いるレーザ装置、及びデバイス製造方法 |
EP1085396A1 (en) | 1999-09-17 | 2001-03-21 | Hewlett-Packard Company | Operation of trusted state in computing platform |
US6535988B1 (en) * | 1999-09-29 | 2003-03-18 | Intel Corporation | System for detecting over-clocking uses a reference signal thereafter preventing over-clocking by reducing clock rate |
US6374317B1 (en) * | 1999-10-07 | 2002-04-16 | Intel Corporation | Method and apparatus for initializing a computer interface |
AU2001251701A1 (en) | 2000-02-25 | 2001-09-03 | Identix Incorporated | Secure transaction system |
WO2001065366A1 (en) | 2000-03-02 | 2001-09-07 | Alarity Corporation | System and method for process protection |
JP3710671B2 (ja) | 2000-03-14 | 2005-10-26 | シャープ株式会社 | 1チップマイクロコンピュータ及びそれを用いたicカード、並びに1チップマイクロコンピュータのアクセス制御方法 |
CA2341931C (en) | 2000-03-24 | 2006-05-30 | Contentguard Holdings, Inc. | System and method for protection of digital works |
US6507904B1 (en) | 2000-03-31 | 2003-01-14 | Intel Corporation | Executing isolated mode instructions in a secure system running in privilege rings |
US6633963B1 (en) | 2000-03-31 | 2003-10-14 | Intel Corporation | Controlling access to multiple memory zones in an isolated execution environment |
US6678825B1 (en) | 2000-03-31 | 2004-01-13 | Intel Corporation | Controlling access to multiple isolated memories in an isolated execution environment |
US6871276B1 (en) * | 2000-04-05 | 2005-03-22 | Microsoft Corporation | Controlled-content recoverable blinded certificates |
GB0020416D0 (en) | 2000-08-18 | 2000-10-04 | Hewlett Packard Co | Trusted system |
US6938164B1 (en) | 2000-11-22 | 2005-08-30 | Microsoft Corporation | Method and system for allowing code to be securely initialized in a computer |
GB0104764D0 (en) * | 2001-02-24 | 2001-04-18 | Ibm | Method apparatus and computer program product for controlling access to a res urce |
US7631160B2 (en) | 2001-04-04 | 2009-12-08 | Advanced Micro Devices, Inc. | Method and apparatus for securing portions of memory |
US6976136B2 (en) | 2001-05-07 | 2005-12-13 | National Semiconductor Corporation | Flash memory protection scheme for secured shared BIOS implementation in personal computers with an embedded controller |
US7676430B2 (en) | 2001-05-09 | 2010-03-09 | Lenovo (Singapore) Ptd. Ltd. | System and method for installing a remote credit card authorization on a system with a TCPA complaint chipset |
EP1271277A3 (en) | 2001-06-26 | 2003-02-05 | Redstrike B.V. | Security system and software to prevent unauthorized use of a computing device |
US20030018892A1 (en) | 2001-07-19 | 2003-01-23 | Jose Tello | Computer with a modified north bridge, security engine and smart card having a secure boot capability and method for secure booting a computer |
US7191464B2 (en) | 2001-10-16 | 2007-03-13 | Lenovo Pte. Ltd. | Method and system for tracking a secure boot in a trusted computing environment |
US7103771B2 (en) | 2001-12-17 | 2006-09-05 | Intel Corporation | Connecting a virtual token to a physical token |
US20030126453A1 (en) | 2001-12-31 | 2003-07-03 | Glew Andrew F. | Processor supporting execution of an authenticated code instruction |
US7308576B2 (en) | 2001-12-31 | 2007-12-11 | Intel Corporation | Authenticated code module |
US7107460B2 (en) | 2002-02-15 | 2006-09-12 | International Business Machines Corporation | Method and system for securing enablement access to a data security device |
US7343493B2 (en) | 2002-03-28 | 2008-03-11 | Lenovo (Singapore) Pte. Ltd. | Encrypted file system using TCPA |
US7318141B2 (en) | 2002-12-17 | 2008-01-08 | Intel Corporation | Methods and systems to control virtual machines |
US20040266523A1 (en) * | 2003-04-16 | 2004-12-30 | Gentles Thomas A | Secured networks in a gaming system environment |
-
2000
- 2000-06-28 US US09/605,605 patent/US6976162B1/en not_active Expired - Fee Related
-
2001
- 2001-06-14 EP EP01944542A patent/EP1297655A2/en not_active Withdrawn
- 2001-06-14 WO PCT/US2001/019223 patent/WO2002001794A2/en active Application Filing
- 2001-06-14 CN CN201110050584.XA patent/CN102111274B/zh not_active Expired - Fee Related
- 2001-06-14 CN CN01811981.6A patent/CN1439207A/zh active Pending
- 2001-06-14 AU AU2001266942A patent/AU2001266942A1/en not_active Abandoned
-
2005
- 2005-11-29 US US11/289,747 patent/US7516330B2/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4759064A (en) * | 1985-10-07 | 1988-07-19 | Chaum David L | Blind unanticipated signature systems |
US5606617A (en) * | 1994-10-14 | 1997-02-25 | Brands; Stefanus A. | Secret-key certificates |
Also Published As
Publication number | Publication date |
---|---|
EP1297655A2 (en) | 2003-04-02 |
US7516330B2 (en) | 2009-04-07 |
US6976162B1 (en) | 2005-12-13 |
AU2001266942A1 (en) | 2002-01-08 |
US20060080528A1 (en) | 2006-04-13 |
CN1439207A (zh) | 2003-08-27 |
WO2002001794A2 (en) | 2002-01-03 |
WO2002001794A3 (en) | 2002-09-26 |
CN102111274A (zh) | 2011-06-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102111274B (zh) | 用于建立可核查身份而又保密的平台和方法 | |
CN101019369B (zh) | 利用在线服务向装置传递直接证明私有密钥的方法 | |
US7975312B2 (en) | Token passing technique for media playback devices | |
US7100048B1 (en) | Encrypted internet and intranet communication device | |
CN113067699B (zh) | 基于量子密钥的数据共享方法、装置和计算机设备 | |
EP1636664B1 (en) | Proof of execution using random function | |
JP4616345B2 (ja) | 配布cdを用いて直接証明秘密鍵を装置に配布する方法 | |
US7050584B1 (en) | Method and system for regenerating a private key for a predetermined asymmetric cryptographic key pair | |
TWI420339B (zh) | 軟體授權系統及方法 | |
US20100098246A1 (en) | Smart card based encryption key and password generation and management | |
WO2007086015A2 (en) | Secure transfer of content ownership | |
US8392723B2 (en) | Information processing apparatus and computer readable medium for preventing unauthorized operation of a program | |
CN112597523B (zh) | 文件处理方法、文件转换加密机、终端、服务器及介质 | |
CN111475824A (zh) | 数据访问方法、装置、设备和存储介质 | |
CN111917543A (zh) | 用户接入云平台安全接入认证系统及其应用方法 | |
CN111835510A (zh) | 一种etc安全管理方法 | |
US20080292104A1 (en) | Recovery of Expired Decryption Keys | |
US20010039613A1 (en) | Authentication system, and contents-information sender and receiver | |
JP4794970B2 (ja) | 秘密情報の保護方法及び通信装置 | |
US8755521B2 (en) | Security method and system for media playback devices | |
CN114553557A (zh) | 密钥调用方法、装置、计算机设备和存储介质 | |
JP3436476B2 (ja) | 認証用暗号鍵変更方法 | |
JP2002063139A (ja) | 端末装置、サーバ装置および端末認証方法 | |
KR20190135145A (ko) | 웹 표준 환경에서 화이트박스 암호화 방법을 이용한 정보 보호 방법 | |
CN115460020B (zh) | 数据共享方法、装置、设备及存储介质 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20140702 Termination date: 20170614 |