CN1439207A - 用于建立可核查身份而又保密的平台和方法 - Google Patents
用于建立可核查身份而又保密的平台和方法 Download PDFInfo
- Publication number
- CN1439207A CN1439207A CN01811981.6A CN01811981A CN1439207A CN 1439207 A CN1439207 A CN 1439207A CN 01811981 A CN01811981 A CN 01811981A CN 1439207 A CN1439207 A CN 1439207A
- Authority
- CN
- China
- Prior art keywords
- proof
- platform
- key
- assumed name
- hashed value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3265—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/42—Anonymization, e.g. involving pseudonyms
Abstract
在一个实施方案中,描述了一种利用一个化名来保护平台和用户身份的方法。该方法包括产生一个包括一个公共化名密钥的化名。该公共化名密钥被放置到一个证明模板中。对证明模板进行一个散列运算,产生一个证明散列值,从平台上对其进行变换。随后,向该平台返回一个签署结果。该签署结果是该变换的证明散列值的一个数字签名。对该签署结果进行一个逆变换后,就恢复了该证明散列值的一个数字签名。该数字签名可以用于此后利用该化名进行的通讯中的数据完整性检查。
Description
发明领域
本发明涉及的是数据安全领域。特别是,本发明涉及一种平台和方法,通过建立和使用化名来保护该平台的身份。
发明背景
技术的发展,为许多不同于传统贸易方式的应用提供了许多机会。电子商务(e-commerce)和企业对企业(B2B)的交易越来越普及,以很快的速度达成全球市场。不幸的是,在诸如计算机的电子平台为用户提供方便有效的贸易、通讯和交易的同时,也容易受到肆无忌惮的攻击。这一弱点在很大程度上使内容提供者不愿意以一种下载的数字形式来提供其内容。
当前,已经提出了多种验证一个平台身份的机制。这对于确定平台是否是一个“委托”装置,即该平台是否配置为防止在未授权的情况下以一种非加密的格式来拷贝数字内容,是特别有用的。一种验证方法包括使用一个分配给一个平台的唯一的序列号来识别该平台。另一完全不同于上述方法或与上述方法协同操作的验证方法包括采用一个永久密钥对。该密钥对包括(i)一个识别该平台的唯一公共密钥,和(ii)一个私用密钥,永久存储在该委托装置的存储器中。该私用密钥是秘密的,不向委托装置的外部提供。但是,这些验证方法都有一些缺陷。
例如,这些验证方法仍会受到数据收集攻击。“数据收集”涉及对一段时间内从一个平台发送的数据的采集和分析。这样,采用平台序列号和永久密钥来进行识别,近来已经产生对用户秘密的担忧。而且,对于上述两种机制,一个用户不能方便和可靠地以一种通用形式访问和使用平台身份。
附图简述
根据下面对本发明的详细描述,可以清楚地了解本发明的特征和优势,其中:
图1是利用本发明的一个系统的说明性实施方案的模块图。
图2是图1中的第一个平台所采用的委托逻辑的说明性实施方案的模块图。
图3是描述图1中的第一个平台中产生的化名的分配和使用的说明性实施方案的流程图。
图4和5是产生和验证化名的说明性实施方案的流程图。
详细说明
本发明涉及一种平台和方法,通过产生和使用化名来保护平台的身份。此处,阐明了某些细节,以便对本发明的有一个透彻的理解。但是,显然,对于本领域的技术人员来讲,可以通过许多不同于所描述的实施方案来实施本发明。为了避免对本发明造成不必要的混淆,对于众所周知的电路和加密技术不做详述。
在下面的描述中,利用一些术语来讨论本发明的某些特征。例如,一个“平台”包括处理信息的硬件和/或软件。平台的例子包括,但不局限于或限制于下列任何情况:一台计算机(如台式机、膝上型电脑、手提式电脑、服务器、工作站等);数据传输设备(如路由器、转换器、传真机等),无线设备(如移动电话基站、电话送受话器等等);或者电视机顶盒。“软件”包括代码,当被执行时,实施某一功能。“信息”定义为一个或多个数据、地址和/或控制的位。
关于加密功能,一种“加密运算”是用于在信息上附加安全性的运算。这些运算可能包括加密、解密、散列计算等等。在某些情况下,加密运算需要使用一个密钥,即一个位序列。对于不对称密钥加密术,将一个装置与包含一个公共密钥和一个私用密钥的唯一永久密钥对相关联。
此外,不对称密钥加密术通常利用一个根证明。一个“根证明”是最初产生一个数字证明链时的一个公共密钥,并为随后所有的数字证明提供一个起始点。通常,一个“数字证明”包括用来验证一个信息发送者的信息。例如,根据CCITT Recommendation X.509:TheDirectory-Authentication Framework(1988),一个数字证明可以包括关于一个被验证的,即利用一个认证授权的私用密钥进行加密的个人或团体的信息(如一个密钥)。一个“认证机关”的例子包括一个原始设备制造商(OEM)、一个软件销售者、一个商贸协会、一个政府机构、一个银行或其它委托公司或个人。一个“数字证明链”包括一个如下所述的为认证而安排的两个或多个数字证明的规则序列,其中每个连续的证明代表先前证明的发出者。
一个“数字签名”包括利用其签署人的一个私用密钥签署的数字信息,来保证该数字信息在数字签名后没有被非法修改过。可以以其完整形式,或者以一个由单向散列运算产生的一个散列形式来提供该数字信息。
一个“散列运算”是将信息单向变换为一个被称为一个“散列值”的固定长度的表示。通常,该散列值在尺寸上充分小于原始信息。在有些情况下,可以进行一个1∶1的原始信息变换。术语“单向”是指没有反函数来恢复该固定长度的散列值的原始信息中任何可辨别的部分。一个散列函数的例子包括California Redwood City的RSA DataSecurity提供的MD5,或Secure Hash Algorithm(SHA-1),被指定为1995年出版的标题为“Federal Information ProcessingStandards Publication”的Secure Hash Standard FIPS 180-1(1995年4月17日)。
参考图1,图中显示了一个利用本发明的系统100的说明性实施方案模块图。系统100包括一个第一平台110和一个第二平台120。第一平台110是通过一个连接130与第二平台120进行通讯。一个“连接”被概括定义为一个或多个信息传送媒体(如电线、光纤、电缆、总线或无线信号技术)。当用户需要时,第一平台110产生并向第二平台120发送一个化名公共密钥140(下面描述)。在响应中,当可利用时,第二平台负责确认该化名公共密钥140是在第一平台110中由一个委托装置150来产生的。
现在参考图2,在一个实施方案中,委托装置150包括硬件和/或保护的软件。当采用访问控制策略来防止未授权的对软件的任何程序和子程序进行访问时,确信软件是“受保护的”。更确切地讲,装置150是一个或多个防止其它逻辑的窜改和窃取的集成电路。可以将该集成电路放置在一个单一集成电路(IC)插件或多IC插件中。一个插件提供附加的窜改保护。当然,如果不需附加的保护,可以采用没有IC插件的装置150。
这里,装置150包括一个处理单元200和一个永久存储器210(如非易失存储器、电池支持的随机访问存储器“RAM”等等)。处理单元200是由内部处理信息的软件来控制的硬件。例如,处理单元200可以进行散列运算、进行逻辑运算(如乘法、除法等等)、和/或通过使用数字签名算法进行数字签署信息来产生一个数字签名。永久存储器210包含一个在制造过程中编程的唯一的不对称密钥对220。用于核实化名,不对称密钥对220包括一个公共密钥(PUKPI)230和一个私用密钥(PRKPI)240。永久存储器210可以进一步包括第二平台120的一个公共密钥250(PUKP2),尽管如果可适用的话,它可以被放置在装置150中的易失存储器(如RAM、寄存器组等等)中。
在该实施方案中,装置150进一步包括多个发生器260,如一个随机数发生器,或一个伪随机数发生器。数据发生器260负责产生一个比特流,至少部分地用于产生一个或多个化名。一个“化名”是一个另外的密钥对形式的别名身份,该密钥对用来建立与另一个平台之间的受保护的通讯,并确认其平台包括了委托装置150。化名还支持一个询问/响应协议和一个许可绑定、保密和其它对特定平台的访问控制信息。但是,数据发生器260也可从装置150的外部使用。在这种情况下,如果数据发生器260和装置150之间的通讯是受到保护的,则通过平台110可以实现更大的安全性。
参考图3,图中显示了说明一个化名的分配合使用的说明性实施方案。为了全面保护用户的机密,用户应当能够切实地控制化名的产生、分配和删除。这样,在用户明确应允后,产生一个新的化名(模块300和310)。而且,为了访问用来核实一个现有化名的信息(如标记、公共密钥等),需要用户明确的应允(模块320和330)。可以通过向委托装置提供一个许可短语(如包含文字和数字的字符串)、一个符号和/或一个生物统计特征,来给出明确的用户应允。例如,在一个实施方案中,可以通过一个用户输入装置(如键盘、鼠标、袖珍键盘、操纵杆、触摸垫、跟踪球等等)来输入一个用户许可短语,并将其传送到委托装置。在另一个实施方案中,逻辑电路外部的存储器可以包含具有用户的许可短语的一个散列值加密的化名。这些化名都可以通过再次提供用户的许可短语来解密。
一旦产生了化名并配置为用来与一个远方平台进行通讯,对于平台/平台的通讯,只要用户选择保持该化名,那么该化名就代表该平台的身份(模块340,350和360)。
参考图4和5,图中显示了产生和验证化名的说明性实施方案的流程图。开始时,接收到一个用户的请求后,立即由装置结合一个数字产生化名(模块400)。一个化名公共密钥(PPUKP1)被放置到一个数字证明模板中(模块405)。该数字证明模板可以存储在第一平台内部,或由第二平台根据第一平台的验证请求来提供。因此,该数字证明模板经过一个散列运算,产生一个证明散列值(模块410)。
随后,该验证散列值经过一个类似于美国专利No.4,759,063和4,759,064中所描述的变换,来创建一个“不可见的”证明散列值(模块415)。特别是,将该证明散列值乘以一个伪随机数(例如,将一个预定数据提升到一个伪随机选择的幂次)。该伪随机幂在第一平台中是保密的(如放置在图2中的永久存储器210中)。
产生一个至少包括该变换的(或不可见的)证明散列值的验证请求(模块420)。该验证请求是利用第一平台的私用密钥(PRKP1)来数字签署的(模块425)。取回或产生一个装置证明,即第一实施方案中的包含公共密钥(PUKP1)的一个数字证明链,与签署的验证请求放在一起(模块430)。在该实施方案中,装置证明的特征是具有一个包含PUKP1的高层证明和包括根证明的最低层证明。当然,该装置证明可以是一个包含PUKP1的单一数字证明。签署的验证请求和装置证明都利用第二平台的公共密钥(PUKP2)来加密,然后传送到第二平台(模块435和440)。
在第二平台中,利用第二平台的私用密钥(PRKP2)解密后恢复签署的验证请求和装置证明(模块445)。可以利用负责签署装置证明的证明管理部门的一个公共密钥来获得第一平台的公共密钥(PUKP1)(模块445)。如果第二平台可以恢复证明请求,则第二平台对装置证明一直向回验证到根证明(模块455和460)。如果恢复了证明请求并验证了装置证明,则数字签署变换的(或不可见的)证明散列值,以产生一个“签署结果”(模块465)。否则,如果不能确定变换的(或不可见的)证明散列值,或不能验证装置证明,则向第一平台返回一个出错信息(模块470)。
从第二平台接收到签字的结果之后,第一平台对该信号结果进行一个反变换。例如,在该说明性实施方案中,第一平台将签署的信号除以一个伪随机数的倒数(例如预定的数据的伪随机数的相反幂次),来恢复一个证明散列值的数字签名(模块475和480)。该数字签名与一个或多个化名一同存储,用于以后与其它平台的通讯,来确定第一平台包括一个委托装置。
至此,参照说明性的实施方案对本发明进行了描述,但该说明并不是一个限制。显然对于本领域的熟练人员而言,只要不超出本发明的宗旨和范围,可以对该说明性实施方案进行多种修正,以及采用其它的实施方案。
Claims (20)
1.一种方法,包括:
在一个平台中产生一个包含一个公共化名密钥的化名;
将该公共化名密钥放入一个证明模板中;
对该证明模板进行一个散列运算,产生一个证明散列值;
对该证明散列值进行一个变换,用于从平台向外的传送;
接收一个签署结果,该结果是用于变换的证明散列值的数字签名;和
对该签署结果进行一个反变换,恢复该证明散列值的一个数字签名。
2.依照权利要求1的方法,其中产生化名的步骤包括产生公共化名密钥和一个对应于该公共化名密钥的私用化名密钥。
3.依照权利要求1的方法,其中将该公共化名密钥放入一个证明模板中的步骤包括将该公共化名密钥写入到证明模板的一个字段中。
4.依照权利要求1的方法,其中进行变换的步骤包括:
利用一个伪随机数对证明散列值进行一个逻辑运算,产生一个不同于证明散列值的值。
5.依照权利要求4的方法,其中该伪随机数是升高到由一个伪随机值指定的相反幂次的预定数值。
6.依照权利要求5的方法,其中该伪随机值被存储在安全存储器中。
7.依照权利要求4的方法,其中进行反变换的步骤包括利用伪随机数的倒数对签署结果进行一个逻辑运算。
8.依照权利要求1的方法,其中在接收数字签名之前,该方法包括:
利用第一平台的一个私用密钥,数字签署一个包括变换的散列值证明请求,来产生一个签署的证明请求。
9.依照权利要求8的方法,其中在接收数字签名之前,该方法进一步包括:
与该签署的证明一起,获得一个装置证明,即一个包括一个第一平台的一个公共密钥的数字证明链。
10.依照权利要求9的方法,其中在接收数字签名之前,该方法进一步包括:
将签署的证明请求和装置证明传送到一个第二平台
11.依照权利要求1的方法,进一步包括:
存储该证明散列值得数字签名,用于此后与一个远处的平台进行通讯。
12.一种装置,包括
一个处理单元;和
一个永久存储器,包括一个第一密钥对和至少一个化名,用来与一个远方装置通讯和确定一个包含该装置的平台是安全的。
13.依照权利要求12的装置,其中该至少一个化名包括一个第二密钥对。
14.依照权利要求13的装置,其中在一次与远方装置的通讯对话结束后删除该第二密钥对。
15.依照权利要求12的装置,进一步包括:
一个数字发生器,辅助产生该至少一个化名。
16.一种平台,包括:
一个收发器器;和
一个与该收发器通讯的装置,该装置包括一个永久存储器,来存储一个永久密钥对、至少一个在装置内部产生的化名、和一个数字证明链的散列值的数字签名,该数字证明链包含化名的一个公共化名密钥。
17.依照权利要求16的平台,其中装置进一步包括:
一个处理单元,(i)将公共化名写入到一个证明模板中,(ii)对该证明模板进行一个散列运算,产生一个证明散列值;(iii)对该证明散列值进行一个变换。
18.依照权利要求17的平台,其中装置的处理单元利用一个永久密钥对,进一步至少产生变换的证明散列值的一个数字签名
19.依照权利要求16的平台,其中装置的处理单元进一步利用该变换的证明散列值的数字签名附加一个装置证明。
20.依照权利要求19的平台,其中该装置证明是一个数字证明链。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/605,605 | 2000-06-28 | ||
US09/605,605 US6976162B1 (en) | 2000-06-28 | 2000-06-28 | Platform and method for establishing provable identities while maintaining privacy |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110050584.XA Division CN102111274B (zh) | 2000-06-28 | 2001-06-14 | 用于建立可核查身份而又保密的平台和方法 |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1439207A true CN1439207A (zh) | 2003-08-27 |
Family
ID=24424404
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110050584.XA Expired - Fee Related CN102111274B (zh) | 2000-06-28 | 2001-06-14 | 用于建立可核查身份而又保密的平台和方法 |
CN01811981.6A Pending CN1439207A (zh) | 2000-06-28 | 2001-06-14 | 用于建立可核查身份而又保密的平台和方法 |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110050584.XA Expired - Fee Related CN102111274B (zh) | 2000-06-28 | 2001-06-14 | 用于建立可核查身份而又保密的平台和方法 |
Country Status (5)
Country | Link |
---|---|
US (2) | US6976162B1 (zh) |
EP (1) | EP1297655A2 (zh) |
CN (2) | CN102111274B (zh) |
AU (1) | AU2001266942A1 (zh) |
WO (1) | WO2002001794A2 (zh) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101394268B (zh) * | 2008-09-12 | 2011-05-18 | 华南理工大学 | 基于广义信息域的高级加密系统及方法 |
CN101308538B (zh) * | 2007-05-14 | 2012-10-03 | 三星电子株式会社 | 检查固件完整性的方法和设备 |
US11301583B2 (en) * | 2019-10-09 | 2022-04-12 | Mastercard International Incorporated | Method and system for protection of customer PII via cryptographic tokens |
Families Citing this family (53)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020049681A1 (en) * | 2000-07-20 | 2002-04-25 | International Business Machines Corporation | Secure anonymous verification, generation and/or proof of ownership of electronic receipts |
JP2003228915A (ja) * | 2002-02-01 | 2003-08-15 | Sony Corp | 再生制御方法、プログラム、記録媒体 |
US7124273B2 (en) | 2002-02-25 | 2006-10-17 | Intel Corporation | Method and apparatus for translating guest physical addresses in a virtual machine environment |
US7069442B2 (en) | 2002-03-29 | 2006-06-27 | Intel Corporation | System and method for execution of a secured environment initialization instruction |
US7165181B2 (en) * | 2002-11-27 | 2007-01-16 | Intel Corporation | System and method for establishing trust without revealing identity |
US7461260B2 (en) * | 2002-12-31 | 2008-12-02 | Intel Corporation | Methods and apparatus for finding a shared secret without compromising non-shared secrets |
US7370212B2 (en) | 2003-02-25 | 2008-05-06 | Microsoft Corporation | Issuing a publisher use license off-line in a digital rights management (DRM) system |
CN100337442C (zh) * | 2003-06-27 | 2007-09-12 | 华为技术有限公司 | 一种在无线局域网中进行数据完整性保护的方法 |
US8079034B2 (en) | 2003-09-15 | 2011-12-13 | Intel Corporation | Optimizing processor-managed resources based on the behavior of a virtual machine monitor |
US7739521B2 (en) | 2003-09-18 | 2010-06-15 | Intel Corporation | Method of obscuring cryptographic computations |
KR100915768B1 (ko) * | 2003-10-17 | 2009-09-04 | 인터내셔널 비지네스 머신즈 코포레이션 | 컴퓨터 프로그램 소자, 컴퓨터 프로그램 매체, 사용자입증-서명 값 생성용 입증 값 발행 방법 및 시스템 |
US7822689B2 (en) * | 2003-10-17 | 2010-10-26 | International Business Machines Corporation | Maintaining privacy for transactions performable by a user device having a security module |
US8156343B2 (en) | 2003-11-26 | 2012-04-10 | Intel Corporation | Accessing private data about the state of a data processing machine from storage that is publicly accessible |
US8037314B2 (en) | 2003-12-22 | 2011-10-11 | Intel Corporation | Replacing blinded authentication authority |
US20060242406A1 (en) | 2005-04-22 | 2006-10-26 | Microsoft Corporation | Protected computing environment |
US7298872B2 (en) * | 2004-08-17 | 2007-11-20 | Shawn Glisson | Electronic identification system for form location, organization, and endorsment |
US8347078B2 (en) * | 2004-10-18 | 2013-01-01 | Microsoft Corporation | Device certificate individualization |
US8176564B2 (en) | 2004-11-15 | 2012-05-08 | Microsoft Corporation | Special PC mode entered upon detection of undesired state |
US8464348B2 (en) | 2004-11-15 | 2013-06-11 | Microsoft Corporation | Isolated computing environment anchored into CPU and motherboard |
US8336085B2 (en) | 2004-11-15 | 2012-12-18 | Microsoft Corporation | Tuning product policy using observed evidence of customer behavior |
US8924728B2 (en) | 2004-11-30 | 2014-12-30 | Intel Corporation | Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information |
US8533777B2 (en) | 2004-12-29 | 2013-09-10 | Intel Corporation | Mechanism to determine trust of out-of-band management agents |
US8438645B2 (en) | 2005-04-27 | 2013-05-07 | Microsoft Corporation | Secure clock with grace periods |
US8725646B2 (en) | 2005-04-15 | 2014-05-13 | Microsoft Corporation | Output protection levels |
US9436804B2 (en) | 2005-04-22 | 2016-09-06 | Microsoft Technology Licensing, Llc | Establishing a unique session key using a hardware functionality scan |
US9363481B2 (en) | 2005-04-22 | 2016-06-07 | Microsoft Technology Licensing, Llc | Protected media pipeline |
US20060265758A1 (en) | 2005-05-20 | 2006-11-23 | Microsoft Corporation | Extensible media rights |
US8353046B2 (en) | 2005-06-08 | 2013-01-08 | Microsoft Corporation | System and method for delivery of a modular operating system |
EP1750389B1 (en) * | 2005-08-05 | 2007-09-26 | Sap Ag | System and method for updating keys used for public key cryptography |
US7809957B2 (en) | 2005-09-29 | 2010-10-05 | Intel Corporation | Trusted platform module for generating sealed data |
US7849312B2 (en) * | 2006-03-24 | 2010-12-07 | Atmel Corporation | Method and system for secure external TPM password generation and use |
US20070226514A1 (en) * | 2006-03-24 | 2007-09-27 | Atmel Corporation | Secure biometric processing system and method of use |
US20070237366A1 (en) * | 2006-03-24 | 2007-10-11 | Atmel Corporation | Secure biometric processing system and method of use |
KR20080058833A (ko) * | 2006-12-22 | 2008-06-26 | 삼성전자주식회사 | 개인 정보 보호 장치 및 방법 |
US7882358B2 (en) * | 2007-01-15 | 2011-02-01 | Microsoft Corporation | Reversible hashing for E-signature verification |
US8001383B2 (en) | 2007-02-01 | 2011-08-16 | Microsoft Corporation | Secure serial number |
US7958057B2 (en) * | 2007-03-28 | 2011-06-07 | King Fahd University Of Petroleum And Minerals | Virtual account based new digital cash protocols with combined blind digital signature and pseudonym authentication |
US7877331B2 (en) * | 2007-09-06 | 2011-01-25 | King Fahd University Of Petroleum & Minerals | Token based new digital cash protocols with combined blind digital signature and pseudonym authentication |
US20110289322A1 (en) * | 2007-12-14 | 2011-11-24 | Rasti Mehran | Protected use of identity identifier objects |
CN102082664A (zh) * | 2009-11-30 | 2011-06-01 | 腾讯科技(深圳)有限公司 | 网络数据安全传输系统及方法 |
JP2013525877A (ja) * | 2010-04-16 | 2013-06-20 | ノキア シーメンス ネットワークス オサケユキチュア | 仮想アイデンティティ |
WO2011153539A1 (en) * | 2010-06-04 | 2011-12-08 | Northwestern University | Pseudonymous public keys based authentication |
GB2496841B (en) * | 2011-11-15 | 2016-07-20 | Rosberg System As | Method of securing a computing device |
US10248429B2 (en) * | 2014-04-25 | 2019-04-02 | Hewlett Packard Enterprise Development Lp | Configuration based on a blueprint |
CN105610848B (zh) * | 2016-01-08 | 2018-05-25 | 北京工业大学 | 具备源数据安全保障机制的集中式数据保全方法及系统 |
US20190014095A1 (en) * | 2017-07-06 | 2019-01-10 | At&T Intellectual Property I, L.P. | Facilitating provisioning of an out-of-band pseudonym over a secure communication channel |
CN111684764B (zh) * | 2018-02-05 | 2023-07-04 | Lg 电子株式会社 | 使用盲激活码进行数字证书撤销的密码方法和系统 |
US10841080B2 (en) * | 2018-03-20 | 2020-11-17 | International Business Machines Corporation | Oblivious pseudorandom function in a key management system |
US10887088B2 (en) * | 2018-03-20 | 2021-01-05 | International Business Machines Corporation | Virtualizing a key hierarchy using a partially-oblivious pseudorandom function (P-OPRF) |
US10887293B2 (en) | 2018-03-20 | 2021-01-05 | International Business Machines Corporation | Key identifiers in an obliviousness pseudorandom function (OPRF)-based key management service (KMS) |
US11115206B2 (en) | 2018-08-23 | 2021-09-07 | International Business Machines Corporation | Assymetric structured key recovering using oblivious pseudorandom function |
US10924267B2 (en) | 2018-08-24 | 2021-02-16 | International Business Machines Corporation | Validating keys derived from an oblivious pseudorandom function |
CN113486388B (zh) * | 2021-09-06 | 2021-11-26 | 江苏翔晟信息技术股份有限公司 | 基于分离式秘钥存储的电子签章签署系统及方法 |
Family Cites Families (203)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3699532A (en) | 1970-04-21 | 1972-10-17 | Singer Co | Multiprogramming control for a data handling system |
US3996449A (en) | 1975-08-25 | 1976-12-07 | International Business Machines Corporation | Operating system authenticator |
US4162536A (en) | 1976-01-02 | 1979-07-24 | Gould Inc., Modicon Div. | Digital input/output system and method |
US4037214A (en) | 1976-04-30 | 1977-07-19 | International Business Machines Corporation | Key register controlled accessing system |
US4247905A (en) * | 1977-08-26 | 1981-01-27 | Sharp Kabushiki Kaisha | Memory clear system |
US4278837A (en) | 1977-10-31 | 1981-07-14 | Best Robert M | Crypto microprocessor for executing enciphered programs |
US4276594A (en) * | 1978-01-27 | 1981-06-30 | Gould Inc. Modicon Division | Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and method for performing the same |
US4207609A (en) | 1978-05-08 | 1980-06-10 | International Business Machines Corporation | Method and means for path independent device reservation and reconnection in a multi-CPU and shared device access system |
JPS5576447A (en) | 1978-12-01 | 1980-06-09 | Fujitsu Ltd | Address control system for software simulation |
US4307447A (en) | 1979-06-19 | 1981-12-22 | Gould Inc. | Programmable controller |
US4319323A (en) * | 1980-04-04 | 1982-03-09 | Digital Equipment Corporation | Communications device for data processing system |
US4419724A (en) | 1980-04-14 | 1983-12-06 | Sperry Corporation | Main bus interface package |
US4366537A (en) | 1980-05-23 | 1982-12-28 | International Business Machines Corp. | Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys |
US4403283A (en) | 1980-07-28 | 1983-09-06 | Ncr Corporation | Extended memory system and method |
DE3034581A1 (de) | 1980-09-13 | 1982-04-22 | Robert Bosch Gmbh, 7000 Stuttgart | Auslesesicherung bei einchip-mikroprozessoren |
JPS58140862A (ja) | 1982-02-16 | 1983-08-20 | Toshiba Corp | 相互排他方式 |
US4521852A (en) * | 1982-06-30 | 1985-06-04 | Texas Instruments Incorporated | Data processing device formed on a single semiconductor substrate having secure memory |
JPS59111561A (ja) * | 1982-12-17 | 1984-06-27 | Hitachi Ltd | 複合プロセツサ・システムのアクセス制御方式 |
US4759064A (en) | 1985-10-07 | 1988-07-19 | Chaum David L | Blind unanticipated signature systems |
US4759063A (en) * | 1983-08-22 | 1988-07-19 | Chaum David L | Blind signature systems |
GB8414518D0 (en) * | 1984-06-07 | 1984-07-11 | Pfizer Ltd | Therapeutic agents |
US4975836A (en) | 1984-12-19 | 1990-12-04 | Hitachi, Ltd. | Virtual computer system |
JPS61206057A (ja) | 1985-03-11 | 1986-09-12 | Hitachi Ltd | アドレス変換装置 |
FR2592510B1 (fr) * | 1985-12-31 | 1988-02-12 | Bull Cp8 | Procede et appareil pour certifier des services obtenus a l'aide d'un support portatif tel qu'une carte a memoire |
FR2601476B1 (fr) * | 1986-07-11 | 1988-10-21 | Bull Cp8 | Procede pour authentifier une donnee d'habilitation externe par un objet portatif tel qu'une carte a memoire |
FR2601525B1 (fr) | 1986-07-11 | 1988-10-21 | Bull Cp8 | Dispositif de securite interdisant le fonctionnement d'un ensemble electronique apres une premiere coupure de son alimentation electrique |
FR2601535B1 (fr) * | 1986-07-11 | 1988-10-21 | Bull Cp8 | Procede pour certifier l'authenticite d'une donnee echangee entre deux dispositifs connectes en local ou a distance par une ligne de transmission |
FR2618002B1 (fr) * | 1987-07-10 | 1991-07-05 | Schlumberger Ind Sa | Procede et systeme d'authentification de cartes a memoire electronique |
US5007082A (en) * | 1988-08-03 | 1991-04-09 | Kelly Services, Inc. | Computer software encryption apparatus |
US5079737A (en) * | 1988-10-25 | 1992-01-07 | United Technologies Corporation | Memory management unit for the MIL-STD 1750 bus |
US5434999A (en) | 1988-11-09 | 1995-07-18 | Bull Cp8 | Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal |
FR2640798B1 (fr) | 1988-12-20 | 1993-01-08 | Bull Cp8 | Dispositif de traitement de donnees comportant une memoire non volatile electriquement effacable et reprogrammable |
JPH02171934A (ja) | 1988-12-26 | 1990-07-03 | Hitachi Ltd | 仮想計算機システム |
JPH02208740A (ja) | 1989-02-09 | 1990-08-20 | Fujitsu Ltd | 仮想計算機制御方式 |
US5442645A (en) | 1989-06-06 | 1995-08-15 | Bull Cp8 | Method for checking the integrity of a program or data, and apparatus for implementing this method |
JP2590267B2 (ja) * | 1989-06-30 | 1997-03-12 | 株式会社日立製作所 | 仮想計算機における表示制御方式 |
US5022077A (en) * | 1989-08-25 | 1991-06-04 | International Business Machines Corp. | Apparatus and method for preventing unauthorized access to BIOS in a personal computer system |
JP2825550B2 (ja) | 1989-09-21 | 1998-11-18 | 株式会社日立製作所 | 多重仮想空間アドレス制御方法および計算機システム |
CA2010591C (en) | 1989-10-20 | 1999-01-26 | Phillip M. Adams | Kernels, description tables and device drivers |
CA2027799A1 (en) | 1989-11-03 | 1991-05-04 | David A. Miller | Method and apparatus for independently resetting processors and cache controllers in multiple processor systems |
US5075842A (en) | 1989-12-22 | 1991-12-24 | Intel Corporation | Disabling tag bit recognition and allowing privileged operations to occur in an object-oriented memory protection mechanism |
EP0473913A3 (en) | 1990-09-04 | 1992-12-16 | International Business Machines Corporation | Method and apparatus for providing a service pool of virtual machines for a plurality of vm users |
US5108590A (en) | 1990-09-12 | 1992-04-28 | Disanto Dennis | Water dispenser |
US5230069A (en) | 1990-10-02 | 1993-07-20 | International Business Machines Corporation | Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virtual machine computer system |
US5317705A (en) * | 1990-10-24 | 1994-05-31 | International Business Machines Corporation | Apparatus and method for TLB purge reduction in a multi-level machine system |
US5287363A (en) | 1991-07-01 | 1994-02-15 | Disk Technician Corporation | System for locating and anticipating data storage media failures |
US5437033A (en) | 1990-11-16 | 1995-07-25 | Hitachi, Ltd. | System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode |
US5255379A (en) | 1990-12-28 | 1993-10-19 | Sun Microsystems, Inc. | Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 80486 processor |
US5453003A (en) * | 1991-01-09 | 1995-09-26 | Pfefferle; William C. | Catalytic method |
US5446904A (en) | 1991-05-17 | 1995-08-29 | Zenith Data Systems Corporation | Suspend/resume capability for a protected mode microprocessor |
JPH04348434A (ja) | 1991-05-27 | 1992-12-03 | Hitachi Ltd | 仮想計算機システム |
US5522075A (en) * | 1991-06-28 | 1996-05-28 | Digital Equipment Corporation | Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces |
US5319760A (en) * | 1991-06-28 | 1994-06-07 | Digital Equipment Corporation | Translation buffer for virtual machines with address space match |
US5455909A (en) | 1991-07-05 | 1995-10-03 | Chips And Technologies Inc. | Microprocessor with operation capture facility |
JPH06236284A (ja) * | 1991-10-21 | 1994-08-23 | Intel Corp | コンピュータシステム処理状態を保存及び復元する方法及びコンピュータシステム |
US5627987A (en) * | 1991-11-29 | 1997-05-06 | Kabushiki Kaisha Toshiba | Memory management and protection system for virtual memory in computer system |
US5574936A (en) | 1992-01-02 | 1996-11-12 | Amdahl Corporation | Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB) in a computer system |
US5486529A (en) * | 1992-04-16 | 1996-01-23 | Zeneca Limited | Certain pyridyl ketones for treating diseases involving leukocyte elastase |
US5421006A (en) * | 1992-05-07 | 1995-05-30 | Compaq Computer Corp. | Method and apparatus for assessing integrity of computer system software |
US5610981A (en) | 1992-06-04 | 1997-03-11 | Integrated Technologies Of America, Inc. | Preboot protection for a data security system with anti-intrusion capability |
US5237616A (en) | 1992-09-21 | 1993-08-17 | International Business Machines Corporation | Secure computer system having privileged and unprivileged memories |
US5293424A (en) * | 1992-10-14 | 1994-03-08 | Bull Hn Information Systems Inc. | Secure memory card |
US5796835A (en) | 1992-10-27 | 1998-08-18 | Bull Cp8 | Method and system for writing information in a data carrier making it possible to later certify the originality of this information |
EP0600112A1 (de) | 1992-11-30 | 1994-06-08 | Siemens Nixdorf Informationssysteme Aktiengesellschaft | Datenverarbeitungsanlage mit virtueller Speicheradressierung und schlüsselgesteuertem Speicherzugriff |
JP2765411B2 (ja) * | 1992-11-30 | 1998-06-18 | 株式会社日立製作所 | 仮想計算機方式 |
US5668971A (en) | 1992-12-01 | 1997-09-16 | Compaq Computer Corporation | Posted disk read operations performed by signalling a disk read complete to the system prior to completion of data transfer |
EP0602867A1 (en) | 1992-12-17 | 1994-06-22 | NCR International, Inc. | An apparatus for securing a system platform |
JPH06187178A (ja) | 1992-12-18 | 1994-07-08 | Hitachi Ltd | 仮想計算機システムの入出力割込み制御方法 |
US5483656A (en) | 1993-01-14 | 1996-01-09 | Apple Computer, Inc. | System for managing power consumption of devices coupled to a common bus |
US5469557A (en) | 1993-03-05 | 1995-11-21 | Microchip Technology Incorporated | Code protection in microcontroller with EEPROM fuses |
FR2703800B1 (fr) | 1993-04-06 | 1995-05-24 | Bull Cp8 | Procédé de signature d'un fichier informatique, et dispositif pour la mise en Óoeuvre. |
FR2704341B1 (fr) | 1993-04-22 | 1995-06-02 | Bull Cp8 | Dispositif de protection des clés d'une carte à puce. |
JPH06348867A (ja) * | 1993-06-04 | 1994-12-22 | Hitachi Ltd | マイクロコンピュータ |
FR2706210B1 (fr) * | 1993-06-08 | 1995-07-21 | Bull Cp8 | Procédé d'authentification d'un objet portatif par un terminal hors ligne, objet portatif et terminal correspondants. |
NL9301348A (nl) | 1993-08-02 | 1995-03-01 | Stefanus Alfonsus Brands | Elektronisch betalingssysteem. |
US5555385A (en) | 1993-10-27 | 1996-09-10 | International Business Machines Corporation | Allocation of address spaces within virtual machine compute system |
US5825880A (en) | 1994-01-13 | 1998-10-20 | Sudia; Frank W. | Multi-step digital signature method and system |
US5459869A (en) | 1994-02-17 | 1995-10-17 | Spilo; Michael L. | Method for providing protected mode services for device drivers and other resident software |
US5511121A (en) * | 1994-02-23 | 1996-04-23 | Bell Communications Research, Inc. | Efficient electronic money |
US5604805A (en) | 1994-02-28 | 1997-02-18 | Brands; Stefanus A. | Privacy-protected transfer of electronic information |
FR2717286B1 (fr) * | 1994-03-09 | 1996-04-05 | Bull Cp8 | Procédé et dispositif pour authentifier un support de données destiné à permettre une transaction ou l'accès à un service ou à un lieu, et support correspondant. |
US5684881A (en) | 1994-05-23 | 1997-11-04 | Matsushita Electric Industrial Co., Ltd. | Sound field and sound image control apparatus and method |
US5473692A (en) | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
US5539828A (en) | 1994-05-31 | 1996-07-23 | Intel Corporation | Apparatus and method for providing secured communications |
US5533123A (en) | 1994-06-28 | 1996-07-02 | National Semiconductor Corporation | Programmable distributed personal security |
JPH0883211A (ja) | 1994-09-12 | 1996-03-26 | Mitsubishi Electric Corp | データ処理装置 |
DE69534757T2 (de) | 1994-09-15 | 2006-08-31 | International Business Machines Corp. | System und Verfahren zur sicheren Speicherung und Verteilung von Daten unter Verwendung digitaler Unterschriften |
US6058478A (en) * | 1994-09-30 | 2000-05-02 | Intel Corporation | Apparatus and method for a vetted field upgrade |
FR2725537B1 (fr) | 1994-10-11 | 1996-11-22 | Bull Cp8 | Procede de chargement d'une zone memoire protegee d'un dispositif de traitement de l'information et dispositif associe |
US5903752A (en) * | 1994-10-13 | 1999-05-11 | Intel Corporation | Method and apparatus for embedding a real-time multi-tasking kernel in a non-real-time operating system |
US5606617A (en) | 1994-10-14 | 1997-02-25 | Brands; Stefanus A. | Secret-key certificates |
US5564040A (en) | 1994-11-08 | 1996-10-08 | International Business Machines Corporation | Method and apparatus for providing a server function in a logically partitioned hardware machine |
US5560013A (en) | 1994-12-06 | 1996-09-24 | International Business Machines Corporation | Method of using a target processor to execute programs of a source architecture that uses multiple address spaces |
US5555414A (en) | 1994-12-14 | 1996-09-10 | International Business Machines Corporation | Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals |
US5615263A (en) * | 1995-01-06 | 1997-03-25 | Vlsi Technology, Inc. | Dual purpose security architecture with protected internal operating system |
US5764969A (en) * | 1995-02-10 | 1998-06-09 | International Business Machines Corporation | Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions with partial concept synchronization |
FR2731536B1 (fr) * | 1995-03-10 | 1997-04-18 | Schlumberger Ind Sa | Procede d'inscription securisee d'informations dans un support portable |
AU4958396A (en) * | 1995-03-27 | 1996-10-16 | Stefanus Alfonsus Brands | System for ensuring that the blinding of secret-key certific ates is restricted, even if the issuing protocol is performe d in parallel mode |
US5717903A (en) * | 1995-05-15 | 1998-02-10 | Compaq Computer Corporation | Method and appartus for emulating a peripheral device to allow device driver development before availability of the peripheral device |
CN1104118C (zh) | 1995-05-19 | 2003-03-26 | 西门子公司 | 计算机支持的在两个计算机之间的密码交换方法 |
JP3451595B2 (ja) | 1995-06-07 | 2003-09-29 | インターナショナル・ビジネス・マシーンズ・コーポレーション | 二つの別個の命令セット・アーキテクチャへの拡張をサポートすることができるアーキテクチャ・モード制御を備えたマイクロプロセッサ |
US5684948A (en) | 1995-09-01 | 1997-11-04 | National Semiconductor Corporation | Memory management circuit which provides simulated privilege levels |
US5633929A (en) | 1995-09-15 | 1997-05-27 | Rsa Data Security, Inc | Cryptographic key escrow system having reduced vulnerability to harvesting attacks |
US6093213A (en) | 1995-10-06 | 2000-07-25 | Advanced Micro Devices, Inc. | Flexible implementation of a system management mode (SMM) in a processor |
US5737760A (en) * | 1995-10-06 | 1998-04-07 | Motorola Inc. | Microcontroller with security logic circuit which prevents reading of internal memory by external program |
US5901229A (en) | 1995-11-06 | 1999-05-04 | Nippon Telegraph And Telephone Corp. | Electronic cash implementing method using a trustee |
JP3693721B2 (ja) * | 1995-11-10 | 2005-09-07 | Necエレクトロニクス株式会社 | フラッシュメモリ内蔵マイクロコンピュータ及びそのテスト方法 |
US5657445A (en) | 1996-01-26 | 1997-08-12 | Dell Usa, L.P. | Apparatus and method for limiting access to mass storage devices in a computer system |
US5835594A (en) | 1996-02-09 | 1998-11-10 | Intel Corporation | Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage |
US5878138A (en) * | 1996-02-12 | 1999-03-02 | Microsoft Corporation | System and method for detecting fraudulent expenditure of electronic assets |
US5809546A (en) | 1996-05-23 | 1998-09-15 | International Business Machines Corporation | Method for managing I/O buffers in shared storage by structuring buffer table having entries including storage keys for controlling accesses to the buffers |
US6205550B1 (en) * | 1996-06-13 | 2001-03-20 | Intel Corporation | Tamper resistant methods and apparatus |
US6175925B1 (en) * | 1996-06-13 | 2001-01-16 | Intel Corporation | Tamper resistant player for scrambled contents |
US6178509B1 (en) * | 1996-06-13 | 2001-01-23 | Intel Corporation | Tamper resistant methods and apparatus |
US5729760A (en) * | 1996-06-21 | 1998-03-17 | Intel Corporation | System for providing first type access to register if processor in first mode and second type access to register if processor not in first mode |
US5944821A (en) | 1996-07-11 | 1999-08-31 | Compaq Computer Corporation | Secure software registration and integrity assessment in a computer system |
US6199152B1 (en) | 1996-08-22 | 2001-03-06 | Transmeta Corporation | Translated memory protection apparatus for an advanced microprocessor |
US5740178A (en) | 1996-08-29 | 1998-04-14 | Lucent Technologies Inc. | Software for controlling a reliable backup memory |
US6055637A (en) * | 1996-09-27 | 2000-04-25 | Electronic Data Systems Corporation | System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential |
US5844986A (en) | 1996-09-30 | 1998-12-01 | Intel Corporation | Secure BIOS |
US5935242A (en) | 1996-10-28 | 1999-08-10 | Sun Microsystems, Inc. | Method and apparatus for initializing a device |
US5872844A (en) * | 1996-11-18 | 1999-02-16 | Microsoft Corporation | System and method for detecting fraudulent expenditure of transferable electronic assets |
US5852717A (en) | 1996-11-20 | 1998-12-22 | Shiva Corporation | Performance optimizations for computer networks utilizing HTTP |
DE19649292A1 (de) * | 1996-11-28 | 1998-06-04 | Deutsche Telekom Ag | Verfahren zum Sichern eines durch eine Schlüsselhierarchie geschützten Systems |
US5901225A (en) * | 1996-12-05 | 1999-05-04 | Advanced Micro Devices, Inc. | System and method for performing software patches in embedded systems |
US5757919A (en) * | 1996-12-12 | 1998-05-26 | Intel Corporation | Cryptographically protected paging subsystem |
JP4000654B2 (ja) | 1997-02-27 | 2007-10-31 | セイコーエプソン株式会社 | 半導体装置及び電子機器 |
US6557104B2 (en) * | 1997-05-02 | 2003-04-29 | Phoenix Technologies Ltd. | Method and apparatus for secure processing of cryptographic keys |
US6044478A (en) | 1997-05-30 | 2000-03-28 | National Semiconductor Corporation | Cache with finely granular locked-down regions |
US6075938A (en) * | 1997-06-10 | 2000-06-13 | The Board Of Trustees Of The Leland Stanford Junior University | Virtual machine monitors for scalable multiprocessors |
US6175924B1 (en) | 1997-06-20 | 2001-01-16 | International Business Machines Corp. | Method and apparatus for protecting application data in secure storage areas |
US6035374A (en) | 1997-06-25 | 2000-03-07 | Sun Microsystems, Inc. | Method of executing coded instructions in a multiprocessor having shared execution resources including active, nap, and sleep states in accordance with cache miss latency |
US6584565B1 (en) | 1997-07-15 | 2003-06-24 | Hewlett-Packard Development Company, L.P. | Method and apparatus for long term verification of digital signatures |
US6014745A (en) * | 1997-07-17 | 2000-01-11 | Silicon Systems Design Ltd. | Protection for customer programs (EPROM) |
US6212635B1 (en) * | 1997-07-18 | 2001-04-03 | David C. Reardon | Network security system allowing access and modification to a security subsystem after initial installation when a master token is in place |
US5978475A (en) | 1997-07-18 | 1999-11-02 | Counterpane Internet Security, Inc. | Event auditing system |
DE19733662C2 (de) * | 1997-08-04 | 2001-05-23 | Deutsche Telekom Mobil | Verfahren und Vorrichtung zur kundenseitigen Personalisierung von GSM-Chips |
US5919257A (en) | 1997-08-08 | 1999-07-06 | Novell, Inc. | Networked workstation intrusion detection system |
DE19735948C1 (de) * | 1997-08-19 | 1998-10-01 | Siemens Nixdorf Inf Syst | Verfahren zur Verbesserung der Steuerungsmöglichkeit in Datenverarbeitungsanlagen mit Adreßübersetzung |
US5935247A (en) | 1997-09-18 | 1999-08-10 | Geneticware Co., Ltd. | Computer system having a genetic code that cannot be directly accessed and a method of maintaining the same |
US6182089B1 (en) * | 1997-09-23 | 2001-01-30 | Silicon Graphics, Inc. | Method, system and computer program product for dynamically allocating large memory pages of different sizes |
US6357004B1 (en) * | 1997-09-30 | 2002-03-12 | Intel Corporation | System and method for ensuring integrity throughout post-processing |
US6061794A (en) * | 1997-09-30 | 2000-05-09 | Compaq Computer Corp. | System and method for performing secure device communications in a peer-to-peer bus architecture |
US6219787B1 (en) | 1997-12-22 | 2001-04-17 | Texas Instruments Incorporated | Method and apparatus for extending security model to native code |
US6378072B1 (en) * | 1998-02-03 | 2002-04-23 | Compaq Computer Corporation | Cryptographic system |
US6108644A (en) | 1998-02-19 | 2000-08-22 | At&T Corp. | System and method for electronic transactions |
US6131166A (en) | 1998-03-13 | 2000-10-10 | Sun Microsystems, Inc. | System and method for cross-platform application level power management |
US6192455B1 (en) * | 1998-03-30 | 2001-02-20 | Intel Corporation | Apparatus and method for preventing access to SMRAM space through AGP addressing |
US6374286B1 (en) * | 1998-04-06 | 2002-04-16 | Rockwell Collins, Inc. | Real time processor capable of concurrently running multiple independent JAVA machines |
US6173417B1 (en) | 1998-04-30 | 2001-01-09 | Intel Corporation | Initializing and restarting operating systems |
US6397242B1 (en) * | 1998-05-15 | 2002-05-28 | Vmware, Inc. | Virtualization system including a virtual machine monitor for a computer with a segmented architecture |
EP0961193B1 (en) | 1998-05-29 | 2010-09-01 | Texas Instruments Incorporated | Secure computing device |
US6339815B1 (en) * | 1998-08-14 | 2002-01-15 | Silicon Storage Technology, Inc. | Microcontroller system having allocation circuitry to selectively allocate and/or hide portions of a program memory address space |
US6505279B1 (en) * | 1998-08-14 | 2003-01-07 | Silicon Storage Technology, Inc. | Microcontroller system having security circuitry to selectively lock portions of a program memory address space |
JP2000076139A (ja) | 1998-08-28 | 2000-03-14 | Nippon Telegr & Teleph Corp <Ntt> | 携帯型情報記憶媒体 |
US6363485B1 (en) * | 1998-09-09 | 2002-03-26 | Entrust Technologies Limited | Multi-factor biometric authenticating device and method |
US6230248B1 (en) | 1998-10-12 | 2001-05-08 | Institute For The Development Of Emerging Architectures, L.L.C. | Method and apparatus for pre-validating regions in a virtual addressing scheme |
US6609199B1 (en) | 1998-10-26 | 2003-08-19 | Microsoft Corporation | Method and apparatus for authenticating an open system application to a portable IC device |
US6327652B1 (en) | 1998-10-26 | 2001-12-04 | Microsoft Corporation | Loading and identifying a digital rights management operating system |
US7194092B1 (en) | 1998-10-26 | 2007-03-20 | Microsoft Corporation | Key-based secure storage |
US6282650B1 (en) | 1999-01-25 | 2001-08-28 | Intel Corporation | Secure public digital watermark |
US6560627B1 (en) | 1999-01-28 | 2003-05-06 | Cisco Technology, Inc. | Mutual exclusion at the record level with priority inheritance for embedded systems using one semaphore |
US7111290B1 (en) | 1999-01-28 | 2006-09-19 | Ati International Srl | Profiling program execution to identify frequently-executed portions and to assist binary translation |
US6188257B1 (en) | 1999-02-01 | 2001-02-13 | Vlsi Technology, Inc. | Power-on-reset logic with secure power down capability |
EP1030237A1 (en) | 1999-02-15 | 2000-08-23 | Hewlett-Packard Company | Trusted hardware device in a computer |
US7225333B2 (en) | 1999-03-27 | 2007-05-29 | Microsoft Corporation | Secure processor architecture for use with a digital rights management (DRM) system on a computing device |
US6615278B1 (en) | 1999-03-29 | 2003-09-02 | International Business Machines Corporation | Cross-platform program, system, and method having a global registry object for mapping registry equivalent functions in an OS/2 operating system environment |
US6684326B1 (en) | 1999-03-31 | 2004-01-27 | International Business Machines Corporation | Method and system for authenticated boot operations in a computer system of a networked computing environment |
US6651171B1 (en) | 1999-04-06 | 2003-11-18 | Microsoft Corporation | Secure execution of program code |
US6389537B1 (en) * | 1999-04-23 | 2002-05-14 | Intel Corporation | Platform and method for assuring integrity of trusted agent communications |
US6275933B1 (en) | 1999-04-30 | 2001-08-14 | 3Com Corporation | Security system for a computerized apparatus |
EP1056014A1 (en) | 1999-05-28 | 2000-11-29 | Hewlett-Packard Company | System for providing a trustworthy user interface |
EP1055989A1 (en) | 1999-05-28 | 2000-11-29 | Hewlett-Packard Company | System for digitally signing a document |
US6529909B1 (en) | 1999-08-31 | 2003-03-04 | Accenture Llp | Method for translating an object attribute converter in an information services patterns environment |
US6571171B1 (en) * | 1999-09-08 | 2003-05-27 | Rockwell Collins, Inc. | Method and apparatus for graphically inserting waypoints for a flight management system |
JP2001148344A (ja) | 1999-09-09 | 2001-05-29 | Nikon Corp | 露光装置、エネルギ源の出力制御方法、該方法を用いるレーザ装置、及びデバイス製造方法 |
EP1085396A1 (en) | 1999-09-17 | 2001-03-21 | Hewlett-Packard Company | Operation of trusted state in computing platform |
US6535988B1 (en) * | 1999-09-29 | 2003-03-18 | Intel Corporation | System for detecting over-clocking uses a reference signal thereafter preventing over-clocking by reducing clock rate |
US6374317B1 (en) * | 1999-10-07 | 2002-04-16 | Intel Corporation | Method and apparatus for initializing a computer interface |
EP1269425A2 (en) | 2000-02-25 | 2003-01-02 | Identix Incorporated | Secure transaction system |
AU2001243365A1 (en) | 2000-03-02 | 2001-09-12 | Alarity Corporation | System and method for process protection |
JP3710671B2 (ja) | 2000-03-14 | 2005-10-26 | シャープ株式会社 | 1チップマイクロコンピュータ及びそれを用いたicカード、並びに1チップマイクロコンピュータのアクセス制御方法 |
CA2341931C (en) | 2000-03-24 | 2006-05-30 | Contentguard Holdings, Inc. | System and method for protection of digital works |
US6678825B1 (en) | 2000-03-31 | 2004-01-13 | Intel Corporation | Controlling access to multiple isolated memories in an isolated execution environment |
US6633963B1 (en) | 2000-03-31 | 2003-10-14 | Intel Corporation | Controlling access to multiple memory zones in an isolated execution environment |
US6507904B1 (en) | 2000-03-31 | 2003-01-14 | Intel Corporation | Executing isolated mode instructions in a secure system running in privilege rings |
US6871276B1 (en) * | 2000-04-05 | 2005-03-22 | Microsoft Corporation | Controlled-content recoverable blinded certificates |
GB0020416D0 (en) | 2000-08-18 | 2000-10-04 | Hewlett Packard Co | Trusted system |
US6938164B1 (en) | 2000-11-22 | 2005-08-30 | Microsoft Corporation | Method and system for allowing code to be securely initialized in a computer |
GB0104764D0 (en) * | 2001-02-24 | 2001-04-18 | Ibm | Method apparatus and computer program product for controlling access to a res urce |
US7631160B2 (en) | 2001-04-04 | 2009-12-08 | Advanced Micro Devices, Inc. | Method and apparatus for securing portions of memory |
US6976136B2 (en) | 2001-05-07 | 2005-12-13 | National Semiconductor Corporation | Flash memory protection scheme for secured shared BIOS implementation in personal computers with an embedded controller |
US7676430B2 (en) | 2001-05-09 | 2010-03-09 | Lenovo (Singapore) Ptd. Ltd. | System and method for installing a remote credit card authorization on a system with a TCPA complaint chipset |
EP1271277A3 (en) | 2001-06-26 | 2003-02-05 | Redstrike B.V. | Security system and software to prevent unauthorized use of a computing device |
US20030018892A1 (en) | 2001-07-19 | 2003-01-23 | Jose Tello | Computer with a modified north bridge, security engine and smart card having a secure boot capability and method for secure booting a computer |
US7191464B2 (en) | 2001-10-16 | 2007-03-13 | Lenovo Pte. Ltd. | Method and system for tracking a secure boot in a trusted computing environment |
US7103771B2 (en) | 2001-12-17 | 2006-09-05 | Intel Corporation | Connecting a virtual token to a physical token |
US20030126453A1 (en) | 2001-12-31 | 2003-07-03 | Glew Andrew F. | Processor supporting execution of an authenticated code instruction |
US7308576B2 (en) | 2001-12-31 | 2007-12-11 | Intel Corporation | Authenticated code module |
US7107460B2 (en) | 2002-02-15 | 2006-09-12 | International Business Machines Corporation | Method and system for securing enablement access to a data security device |
US7343493B2 (en) | 2002-03-28 | 2008-03-11 | Lenovo (Singapore) Pte. Ltd. | Encrypted file system using TCPA |
US7318141B2 (en) | 2002-12-17 | 2008-01-08 | Intel Corporation | Methods and systems to control virtual machines |
US20040266523A1 (en) * | 2003-04-16 | 2004-12-30 | Gentles Thomas A | Secured networks in a gaming system environment |
-
2000
- 2000-06-28 US US09/605,605 patent/US6976162B1/en not_active Expired - Fee Related
-
2001
- 2001-06-14 CN CN201110050584.XA patent/CN102111274B/zh not_active Expired - Fee Related
- 2001-06-14 AU AU2001266942A patent/AU2001266942A1/en not_active Abandoned
- 2001-06-14 WO PCT/US2001/019223 patent/WO2002001794A2/en active Application Filing
- 2001-06-14 CN CN01811981.6A patent/CN1439207A/zh active Pending
- 2001-06-14 EP EP01944542A patent/EP1297655A2/en not_active Withdrawn
-
2005
- 2005-11-29 US US11/289,747 patent/US7516330B2/en not_active Expired - Fee Related
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101308538B (zh) * | 2007-05-14 | 2012-10-03 | 三星电子株式会社 | 检查固件完整性的方法和设备 |
CN101394268B (zh) * | 2008-09-12 | 2011-05-18 | 华南理工大学 | 基于广义信息域的高级加密系统及方法 |
US11301583B2 (en) * | 2019-10-09 | 2022-04-12 | Mastercard International Incorporated | Method and system for protection of customer PII via cryptographic tokens |
Also Published As
Publication number | Publication date |
---|---|
US7516330B2 (en) | 2009-04-07 |
CN102111274B (zh) | 2014-07-02 |
US20060080528A1 (en) | 2006-04-13 |
WO2002001794A2 (en) | 2002-01-03 |
WO2002001794A3 (en) | 2002-09-26 |
AU2001266942A1 (en) | 2002-01-08 |
US6976162B1 (en) | 2005-12-13 |
CN102111274A (zh) | 2011-06-29 |
EP1297655A2 (en) | 2003-04-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102111274B (zh) | 用于建立可核查身份而又保密的平台和方法 | |
CN101019369B (zh) | 利用在线服务向装置传递直接证明私有密钥的方法 | |
CN102217277B (zh) | 基于令牌进行认证的方法和系统 | |
CN110519309B (zh) | 数据传输方法、装置、终端、服务器及存储介质 | |
CN100504819C (zh) | 访问认证方法、信息处理单元以及可拆卸记录装置 | |
EP1175038B1 (en) | Technique for obtaining a sign-on certificate from a foreign PKI system using an existing strong authentication PKI system | |
US7100048B1 (en) | Encrypted internet and intranet communication device | |
EP1322086A2 (en) | Assignment of user certificates/private keys in token enabled public key infrastructure system | |
EP1617588A1 (en) | Device authentication system | |
US7050584B1 (en) | Method and system for regenerating a private key for a predetermined asymmetric cryptographic key pair | |
CN112232814B (zh) | 支付密钥的加密和解密方法、支付认证方法及终端设备 | |
CN113067699B (zh) | 基于量子密钥的数据共享方法、装置和计算机设备 | |
CN109981287B (zh) | 一种代码签名方法及其存储介质 | |
CN109598104B (zh) | 基于时间戳和秘密鉴权文件的软件授权保护系统及其方法 | |
CN111475824A (zh) | 数据访问方法、装置、设备和存储介质 | |
CN110222809B (zh) | 一种二维码的信息组合及加密方法和二维码加密机 | |
US20060053288A1 (en) | Interface method and device for the on-line exchange of content data in a secure manner | |
KR102329221B1 (ko) | 블록체인 기반 사용자 인증 방법 | |
US8755521B2 (en) | Security method and system for media playback devices | |
CN114553557A (zh) | 密钥调用方法、装置、计算机设备和存储介质 | |
CN113285934A (zh) | 基于数字签名的服务器密码机客户端ip检测方法及装置 | |
KR100681005B1 (ko) | 키 로밍 방법 및 그를 위한 시스템 | |
JP3436476B2 (ja) | 認証用暗号鍵変更方法 | |
CN117118759B (zh) | 用户控制服务器端密钥可靠使用的方法 | |
CN114866317B (zh) | 多方的数据安全计算方法、装置、电子设备和存储介质 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Open date: 20030827 |