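CN1439207A - Platform and method for establishing provable identities while maintaining privacy - Google Patents

Platform and method for establishing provable identities while maintaining privacy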

Info

Publication number: CN1439207A
Authority: CN (China)
Prior art keywords: proof, platform, key, assumed name, hashed value
Legal status: Pending
Application number: CN01811981.6A
Other languages: English (en)
Inventors: C. Ellison, J. Sutton II
Current Assignee: Intel Corp
Original Assignee: Intel Corp
Application filed by Intel Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3265 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42 Anonymization, e.g. involving pseudonyms

Abstract

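In one embodiment, a method is described for using a pseudonym to protect the identity of a platform and its user. The method includes generating a pseudonym that includes a public pseudonym key. The public pseudonym key is placed in a certificate template. A hash operation is performed on the certificate template to produce a certificate hash value, which is transformed before it leaves the platform. A signed result is then returned to the platform. The signed result is a digital signature of the transformed certificate hash value. Performing an inverse transformation on the signed result recovers a digital signature of the certificate hash value. This digital signature can be used for data integrity checks in subsequent communications that use the pseudonym.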

Description

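Platform and method for establishing provable identities while maintaining privacy
Field of the invention
The present invention relates to the field of data security. In particular, it relates to a platform and method that protect the identity of the platform by creating and using pseudonyms.
Background of the invention
Advances in technology have opened up many opportunities for applications that go beyond traditional ways of doing business. Electronic commerce (e-commerce) and business-to-business (B2B) transactions are becoming increasingly popular and are reaching global markets at a rapid pace. Unfortunately, while electronic platforms such as computers give users convenient and efficient means of trading, communicating and transacting, they are also vulnerable to unscrupulous attacks. This vulnerability has to a large extent made content providers unwilling to provide their content in a downloadable digital form.
Currently, various mechanisms have been proposed for verifying the identity of a platform. This is especially useful for determining whether the platform is a "trusted" device, i.e., whether the platform is configured to prevent digital content from being copied in a non-encrypted format without authorization. One authentication scheme uses a unique serial number assigned to a platform to identify that platform. Another scheme, used either entirely separately from the first or in combination with it, employs a permanent key pair. The key pair includes (i) a unique public key that identifies the platform, and (ii) a private key that is permanently stored in the memory of the trusted device. The private key is secret and is not provided outside the trusted device. However, these authentication schemes have a number of drawbacks.
For example, these authentication schemes remain subject to data collection attacks. "Data collection" involves gathering and analyzing the data transmitted from a platform over a period of time. As a result, the use of platform serial numbers and permanent keys for identification has recently raised concerns about user privacy. Moreover, with both mechanisms, a user cannot easily and reliably access and use the platform identity in a general-purpose form.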
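Brief description of the drawings
The features and advantages of the present invention will become apparent from the following detailed description of the invention, in which:
FIG. 1 is a block diagram of an illustrative embodiment of a system utilizing the present invention.
FIG. 2 is a block diagram of an illustrative embodiment of the trusted logic employed in the first platform of FIG. 1.
FIG. 3 is a flowchart of an illustrative embodiment describing the distribution and use of pseudonyms generated in the first platform of FIG. 1.
FIGS. 4 and 5 are flowcharts of an illustrative embodiment of generating and certifying pseudonyms.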
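Detailed description
The present invention relates to a platform and method that protect the identity of the platform by generating and using pseudonyms. Certain details are set forth here in order to provide a thorough understanding of the invention. It will be apparent to those skilled in the art, however, that the invention may be practiced through many embodiments other than those described. Well-known circuits and cryptographic techniques are not described in detail, to avoid unnecessarily obscuring the invention.
In the following description, certain terminology is used to discuss features of the invention. For example, a "platform" includes hardware and/or software that processes information. Examples of a platform include, but are not limited or restricted to, any of the following: a computer (e.g., desktop, laptop, hand-held, server, workstation, etc.); data transmission equipment (e.g., a router, switch, facsimile machine, etc.); wireless equipment (e.g., a cellular base station, telephone handset, etc.); or a television set-top box. "Software" includes code that, when executed, performs a certain function. "Information" is defined as one or more bits of data, address and/or control.
With respect to cryptographic functionality, a "cryptographic operation" is an operation performed to add security to information. These operations may include encryption, decryption, hash computation and the like. In some cases, a cryptographic operation requires the use of a key, which is a sequence of bits. For asymmetric key cryptography, a device is associated with a unique, permanent key pair that includes a public key and a private key.
In addition, asymmetric key cryptography commonly makes use of a root certificate. A "root certificate" is the public key at the origin of a digital certificate chain and provides a starting point for all subsequent digital certificates. In general, a "digital certificate" includes information used to authenticate the sender of information. For example, in accordance with CCITT Recommendation X.509: The Directory - Authentication Framework (1988), a digital certificate may include information (e.g., a key) about the person or entity being certified, encrypted with the private key of a certification authority. Examples of a "certification authority" include an original equipment manufacturer (OEM), a software vendor, a trade association, a government agency, a bank, or any other trusted business or person. A "digital certificate chain" includes an ordered sequence of two or more digital certificates arranged for certification purposes as described below, where each successive certificate represents the issuer of the preceding certificate.
A "digital signature" includes digital information signed with a private key of its signatory, to ensure that the digital information has not been illicitly modified after being digitally signed. The digital information may be provided in its entirety or as a hash value produced by a one-way hash operation.
A "hash operation" is a one-way transformation of information into a fixed-length representation called a "hash value". Usually, the hash value is substantially smaller in size than the original information. In some cases, a 1:1 transformation of the original information may be performed. The term "one-way" means that there is no inverse function that recovers any discernible portion of the original information from the fixed-length hash value. Examples of hash functions include MD5, provided by RSA Data Security of Redwood City, California, or the Secure Hash Algorithm (SHA-1) as specified in the Secure Hash Standard FIPS 180-1 (April 17, 1995), published in 1995 under the title "Federal Information Processing Standards Publication".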
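Referring to FIG. 1, a block diagram of an illustrative embodiment of a system 100 utilizing the present invention is shown. System 100 includes a first platform 110 and a second platform 120. First platform 110 communicates with second platform 120 over a link 130. A "link" is broadly defined as one or more information-carrying media (e.g., electrical wire, optical fiber, cable, bus, or wireless signaling technology). When the user requests it, first platform 110 generates a pseudonym public key 140 (described below) and transmits it to second platform 120. In response, second platform 120 is responsible for certifying, when applicable, that pseudonym public key 140 was generated by a trusted device 150 within first platform 110.
Referring now to FIG. 2, in one embodiment trusted device 150 includes hardware and/or protected software. Software is considered "protected" when access control policies are used to prevent unauthorized access to any of its routines and subroutines. More specifically, device 150 is one or more integrated circuits that prevent tampering and snooping by other logic. The integrated circuits may be placed in a single integrated circuit (IC) package or in a multi-IC package. A package provides additional protection against tampering. Of course, device 150 may be used without an IC package if additional protection is not needed.
Here, device 150 includes a processing unit 200 and a persistent memory 210 (e.g., non-volatile memory, battery-backed random access memory "RAM", etc.). Processing unit 200 is hardware controlled by software that processes information internally. For example, processing unit 200 can perform hash operations, perform logical operations (e.g., multiplication, division, etc.), and/or produce a digital signature by digitally signing information with a digital signature algorithm. Persistent memory 210 contains a unique asymmetric key pair 220 that is programmed during manufacture. Used to certify pseudonyms, asymmetric key pair 220 includes a public key (PUKP1) 230 and a private key (PRKP1) 240. Persistent memory 210 may further include a public key 250 (PUKP2) of second platform 120, although, if applicable, that key may instead be placed in volatile memory (e.g., RAM, a register set, etc.) within device 150.
In this embodiment, device 150 further includes a number generator 260, such as a random number generator or a pseudo-random number generator. Number generator 260 is responsible for generating a bit stream that is used, at least in part, to produce one or more pseudonyms. A "pseudonym" is an alias identity in the form of an additional key pair, which is used to establish protected communications with another platform and to confirm that its platform includes trusted device 150. The pseudonym also supports a challenge/response protocol and the binding of licenses, secrets and other access control information to the specific platform. Number generator 260 may, however, also be used from outside device 150. In that case, platform 110 achieves greater security if the communications between number generator 260 and device 150 are protected.
Referring to FIG. 3, an illustrative embodiment of the distribution and use of a pseudonym is shown. To fully protect the user's privacy, the user should have effective control over the generation, distribution and deletion of pseudonyms. Thus, a new pseudonym is generated only after explicit user consent (blocks 300 and 310). Likewise, explicit user consent is required to access the information used to certify an existing pseudonym (e.g., a label, public key, etc.) (blocks 320 and 330). Explicit user consent may be given by supplying the trusted device with a pass-phrase (e.g., a string of alphanumeric characters), a token and/or a biometric characteristic. For example, in one embodiment, a user pass-phrase may be entered through a user input device (e.g., a keyboard, mouse, keypad, joystick, touch pad, track ball, etc.) and transferred to the trusted device. In another embodiment, memory external to the logic may contain pseudonyms encrypted with a hash value of the user's pass-phrase. Any of these pseudonyms can be decrypted by supplying the user's pass-phrase again.
Once a pseudonym has been generated and configured for communication with a remote platform, that pseudonym represents the identity of the platform for platform-to-platform communications for as long as the user chooses to keep it (blocks 340, 350 and 360).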
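Referring to FIGS. 4 and 5, flowcharts of an illustrative embodiment of generating and certifying a pseudonym are shown. Initially, upon receiving a request from the user, the device generates the pseudonym in conjunction with the number generator (block 400). A pseudonym public key (PPUKP1) is placed in a digital certificate template (block 405). The digital certificate template may be stored inside the first platform, or may be supplied by the second platform in response to a certification request from the first platform. The digital certificate template then undergoes a hash operation to produce a certificate hash value (block 410).
Next, the certificate hash value undergoes a transformation similar to that described in U.S. Patent Nos. 4,759,063 and 4,759,064 to create a "blinded" certificate hash value (block 415). In particular, the certificate hash value is multiplied by a pseudo-random number (e.g., a predetermined value raised to a pseudo-randomly selected power). The pseudo-random power is kept secret within the first platform (e.g., placed in persistent memory 210 of FIG. 2).
A certification request that includes at least the transformed (or blinded) certificate hash value is produced (block 420). The certification request is digitally signed with the private key of the first platform (PRKP1) (block 425). A device certificate, which in the first embodiment is a digital certificate chain containing the public key (PUKP1), is retrieved or generated and accompanies the signed certification request (block 430). In this embodiment, the device certificate features a high-level certificate that contains PUKP1 and a lowest-level certificate that includes the root certificate. Of course, the device certificate may be a single digital certificate that contains PUKP1. Both the signed certification request and the device certificate are encrypted with the public key of the second platform (PUKP2) and then transmitted to the second platform (blocks 435 and 440).
At the second platform, the signed certification request and the device certificate are recovered after decryption with the private key of the second platform (PRKP2) (block 445). The public key of the first platform (PUKP1) can be obtained using a public key of the certification authority responsible for signing the device certificate (block 445). If the second platform can recover the certification request, it validates the device certificate all the way back to the root certificate (blocks 455 and 460). If the certification request is recovered and the device certificate is validated, the transformed (or blinded) certificate hash value is digitally signed to produce a "signed result" (block 465). Otherwise, if the transformed (or blinded) certificate hash value cannot be determined, or the device certificate cannot be validated, an error message is returned to the first platform (block 470).
After receiving the signed result from the second platform, the first platform performs an inverse transformation on the signed result. For example, in this illustrative embodiment, the first platform divides the signed result by the inverse of a pseudo-random number (e.g., the predetermined value raised to the inverse power of the pseudo-random number) to recover a digital signature of the certificate hash value (blocks 475 and 480). This digital signature is stored together with one or more pseudonyms for use in later communications with other platforms, to establish that the first platform includes a trusted device.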
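The blind, sign and unblind steps of blocks 410 to 480, as an added example that is not code from the patent. It assumes a textbook RSA blind signature (the patent does not fix the signature algorithm), SHA-256 in place of the MD5/SHA-1 the text names, and a constructed demo key, template layout and function names.

```python
import hashlib
import math
import secrets

# Constructed demo key for the certifying (second) platform. The primes are the
# Mersenne primes 2^521-1 and 2^607-1: deterministic and convenient for a demo,
# but NOT a secure key. Raw RSA without padding is used for clarity only.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # signer's public modulus
E = 65537                              # signer's public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # signer's private exponent


def certificate_hash(pseudonym_pubkey: bytes) -> int:
    """Blocks 405-410: put the pseudonym public key in a template and hash it.
    The template layout is hypothetical."""
    template = b"version=1;subject=pseudonym;pubkey=" + pseudonym_pubkey.hex().encode()
    return int.from_bytes(hashlib.sha256(template).digest(), "big")


def blind(cert_hash: int) -> tuple:
    """Block 415 (first platform): multiply the hash by a secret random factor.
    Returns (blinded_hash, r); r never leaves the first platform."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:        # r must be invertible mod N to unblind
            break
    return (cert_hash * pow(r, E, N)) % N, r


def sign_blinded(blinded_hash: int) -> int:
    """Block 465 (second platform): sign the value it was sent. It sees only
    the blinded hash, never the certificate hash or the pseudonym key."""
    if not 0 < blinded_hash < N:
        raise ValueError("blinded value out of range")
    return pow(blinded_hash, D, N)


def unblind(signed_result: int, r: int) -> int:
    """Blocks 475-480 (first platform): strip the blinding factor."""
    return (signed_result * pow(r, -1, N)) % N


def verify(cert_hash: int, signature: int) -> bool:
    """Any later peer: check the signature with the signer's public key."""
    return pow(signature, E, N) == cert_hash


def run_demo(pseudonym_pubkey: bytes) -> dict:
    """Run one full exchange and report what each side could observe."""
    h = certificate_hash(pseudonym_pubkey)
    blinded, r = blind(h)
    signature = unblind(sign_blinded(blinded), r)
    return {
        "signer_saw_real_hash": blinded == h,
        "signature_valid": verify(h, signature),
        "same_as_direct_signature": signature == pow(h, D, N),
    }


if __name__ == "__main__":
    # Constructed stand-in for the pseudonym public key PPUKP1.
    print(run_demo(b"constructed-pseudonym-public-key"))
```

Because each request uses a fresh blinding factor, two requests for the same pseudonym look unrelated to the signer, yet both unblind to the same signature.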
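The invention has thus been described with reference to illustrative embodiments, but this description is not intended to be limiting. It will be apparent to those skilled in the art that various modifications of the illustrative embodiments, as well as other embodiments, may be made without departing from the spirit and scope of the invention.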

Claims (20)

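1. A method, comprising:
generating, in a platform, a pseudonym that includes a public pseudonym key;
placing the public pseudonym key in a certificate template;
performing a hash operation on the certificate template to produce a certificate hash value;
performing a transformation on the certificate hash value for transmission out of the platform;
receiving a signed result, the result being a digital signature of the transformed certificate hash value; and
performing an inverse transformation on the signed result to recover a digital signature of the certificate hash value.
2. The method of claim 1, wherein generating the pseudonym includes generating the public pseudonym key and a private pseudonym key corresponding to the public pseudonym key.
3. The method of claim 1, wherein placing the public pseudonym key in a certificate template includes writing the public pseudonym key into a field of the certificate template.
4. The method of claim 1, wherein performing the transformation includes:
performing a logical operation on the certificate hash value with a pseudo-random number to produce a value that differs from the certificate hash value.
5. The method of claim 4, wherein the pseudo-random number is a predetermined value raised to an inverse power specified by a pseudo-random value.
6. The method of claim 5, wherein the pseudo-random value is stored in secure memory.
7. The method of claim 4, wherein performing the inverse transformation includes performing a logical operation on the signed result with the inverse of the pseudo-random number.
8. The method of claim 1, wherein, before the digital signature is received, the method includes:
digitally signing, with a private key of the first platform, a certification request that includes the transformed hash value, to produce a signed certification request.
9. The method of claim 8, wherein, before the digital signature is received, the method further includes:
obtaining, together with the signed certification request, a device certificate, namely a digital certificate chain that includes a public key of the first platform.
10. The method of claim 9, wherein, before the digital signature is received, the method further includes:
transmitting the signed certification request and the device certificate to a second platform.
11. The method of claim 1, further comprising:
storing the digital signature of the certificate hash value for subsequent communications with a remote platform.
12. A device, comprising:
a processing unit; and
a persistent memory that includes a first key pair and at least one pseudonym, used to communicate with a remote device and to establish that a platform containing the device is secure.
13. The device of claim 12, wherein the at least one pseudonym includes a second key pair.
14. The device of claim 13, wherein the second key pair is deleted after a communication session with the remote device ends.
15. The device of claim 12, further comprising:
a number generator that assists in generating the at least one pseudonym.
16. A platform, comprising:
a transceiver; and
a device in communication with the transceiver, the device including a persistent memory to store a permanent key pair, at least one pseudonym generated inside the device, and a digital signature of a hash value of a digital certificate chain, the digital certificate chain containing a public pseudonym key of the pseudonym.
17. The platform of claim 16, wherein the device further includes:
a processing unit that (i) writes the public pseudonym key into a certificate template, (ii) performs a hash operation on the certificate template to produce a certificate hash value, and (iii) performs a transformation on the certificate hash value.
18. The platform of claim 17, wherein the processing unit of the device further uses a permanent key pair to produce at least a digital signature of the transformed certificate hash value.
19. The platform of claim 16, wherein the processing unit of the device further attaches a device certificate to the digital signature of the transformed certificate hash value.
20. The platform of claim 19, wherein the device certificate is a digital certificate chain.
CN01811981.6A 2000-06-28 2001-06-14 Platform and method for establishing provable identities while maintaining privacy Pending CN1439207A (zh)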

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/605,605 2000-06-28
US09/605,605 US6976162B1 (en) 2000-06-28 2000-06-28 Platform and method for establishing provable identities while maintaining privacy

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201110050584.XA Division CN102111274B (zh) 2000-06-28 2001-06-14 Platform and method for establishing provable identities while maintaining privacy

Publications (1)

Publication Number Publication Date
CN1439207A true CN1439207A (zh) 2003-08-27

Family

ID=24424404

Family Applications (2)

Application Number Title Priority Date Filing Date
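CN201110050584.XA Expired - Fee Related CN102111274B (zh) 2000-06-28 2001-06-14 Platform and method for establishing provable identities while maintaining privacy
CN01811981.6A Pending CN1439207A (zh) 2000-06-28 2001-06-14 Platform and method for establishing provable identities while maintaining privacy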

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201110050584.XA Expired - Fee Related CN102111274B (zh) 2000-06-28 2001-06-14 Platform and method for establishing provable identities while maintaining privacy

Country Status (5)

Country Link
US (2) US6976162B1 (zh)
EP (1) EP1297655A2 (zh)
CN (2) CN102111274B (zh)
AU (1) AU2001266942A1 (zh)
WO (1) WO2002001794A2 (zh)


Family Cites Families (203)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3699532A (en) 1970-04-21 1972-10-17 Singer Co Multiprogramming control for a data handling system
US3996449A (en) 1975-08-25 1976-12-07 International Business Machines Corporation Operating system authenticator
US4162536A (en) 1976-01-02 1979-07-24 Gould Inc., Modicon Div. Digital input/output system and method
US4037214A (en) 1976-04-30 1977-07-19 International Business Machines Corporation Key register controlled accessing system
US4247905A (en) * 1977-08-26 1981-01-27 Sharp Kabushiki Kaisha Memory clear system
US4278837A (en) 1977-10-31 1981-07-14 Best Robert M Crypto microprocessor for executing enciphered programs
US4276594A (en) * 1978-01-27 1981-06-30 Gould Inc. Modicon Division Digital computer with multi-processor capability utilizing intelligent composite memory and input/output modules and method for performing the same
US4207609A (en) 1978-05-08 1980-06-10 International Business Machines Corporation Method and means for path independent device reservation and reconnection in a multi-CPU and shared device access system
JPS5576447A (en) 1978-12-01 1980-06-09 Fujitsu Ltd Address control system for software simulation
US4307447A (en) 1979-06-19 1981-12-22 Gould Inc. Programmable controller
US4319323A (en) * 1980-04-04 1982-03-09 Digital Equipment Corporation Communications device for data processing system
US4419724A (en) 1980-04-14 1983-12-06 Sperry Corporation Main bus interface package
US4366537A (en) 1980-05-23 1982-12-28 International Business Machines Corp. Authorization mechanism for transfer of program control or data between different address spaces having different storage protect keys
US4403283A (en) 1980-07-28 1983-09-06 Ncr Corporation Extended memory system and method
DE3034581A1 (de) 1980-09-13 1982-04-22 Robert Bosch Gmbh, 7000 Stuttgart Readout protection for single-chip microprocessors
JPS58140862A (ja) 1982-02-16 1983-08-20 Toshiba Corp Mutual exclusion system
US4521852A (en) * 1982-06-30 1985-06-04 Texas Instruments Incorporated Data processing device formed on a single semiconductor substrate having secure memory
JPS59111561A (ja) * 1982-12-17 1984-06-27 Hitachi Ltd Access control system for a composite processor system
US4759064A (en) 1985-10-07 1988-07-19 Chaum David L Blind unanticipated signature systems
US4759063A (en) * 1983-08-22 1988-07-19 Chaum David L Blind signature systems
GB8414518D0 (en) * 1984-06-07 1984-07-11 Pfizer Ltd Therapeutic agents
US4975836A (en) 1984-12-19 1990-12-04 Hitachi, Ltd. Virtual computer system
JPS61206057A (ja) 1985-03-11 1986-09-12 Hitachi Ltd Address translation device
FR2592510B1 (fr) * 1985-12-31 1988-02-12 Bull Cp8 Method and apparatus for certifying services obtained using a portable medium such as a memory card
FR2601476B1 (fr) * 1986-07-11 1988-10-21 Bull Cp8 Method for authenticating external authorization data by a portable object such as a memory card
FR2601525B1 (fr) 1986-07-11 1988-10-21 Bull Cp8 Security device preventing operation of an electronic assembly after a first interruption of its power supply
FR2601535B1 (fr) * 1986-07-11 1988-10-21 Bull Cp8 Method for certifying the authenticity of data exchanged between two devices connected locally or remotely by a transmission line
FR2618002B1 (fr) * 1987-07-10 1991-07-05 Schlumberger Ind Sa Method and system for authenticating electronic memory cards
US5007082A (en) * 1988-08-03 1991-04-09 Kelly Services, Inc. Computer software encryption apparatus
US5079737A (en) * 1988-10-25 1992-01-07 United Technologies Corporation Memory management unit for the MIL-STD 1750 bus
US5434999A (en) 1988-11-09 1995-07-18 Bull Cp8 Safeguarded remote loading of service programs by authorizing loading in protected memory zones in a terminal
FR2640798B1 (fr) 1988-12-20 1993-01-08 Bull Cp8 Data processing device comprising an electrically erasable and reprogrammable non-volatile memory
JPH02171934A (ja) 1988-12-26 1990-07-03 Hitachi Ltd Virtual computer system
JPH02208740A (ja) 1989-02-09 1990-08-20 Fujitsu Ltd Virtual computer control system
US5442645A (en) 1989-06-06 1995-08-15 Bull Cp8 Method for checking the integrity of a program or data, and apparatus for implementing this method
JP2590267B2 (ja) * 1989-06-30 1997-03-12 Hitachi, Ltd. Display control system in a virtual computer
US5022077A (en) * 1989-08-25 1991-06-04 International Business Machines Corp. Apparatus and method for preventing unauthorized access to BIOS in a personal computer system
JP2825550B2 (ja) 1989-09-21 1998-11-18 Hitachi, Ltd. Multiple virtual space address control method and computer system
CA2010591C (en) 1989-10-20 1999-01-26 Phillip M. Adams Kernels, description tables and device drivers
CA2027799A1 (en) 1989-11-03 1991-05-04 David A. Miller Method and apparatus for independently resetting processors and cache controllers in multiple processor systems
US5075842A (en) 1989-12-22 1991-12-24 Intel Corporation Disabling tag bit recognition and allowing privileged operations to occur in an object-oriented memory protection mechanism
EP0473913A3 (en) 1990-09-04 1992-12-16 International Business Machines Corporation Method and apparatus for providing a service pool of virtual machines for a plurality of vm users
US5108590A (en) 1990-09-12 1992-04-28 Disanto Dennis Water dispenser
US5230069A (en) 1990-10-02 1993-07-20 International Business Machines Corporation Apparatus and method for providing private and shared access to host address and data spaces by guest programs in a virtual machine computer system
US5317705A (en) * 1990-10-24 1994-05-31 International Business Machines Corporation Apparatus and method for TLB purge reduction in a multi-level machine system
US5287363A (en) 1991-07-01 1994-02-15 Disk Technician Corporation System for locating and anticipating data storage media failures
US5437033A (en) 1990-11-16 1995-07-25 Hitachi, Ltd. System for recovery from a virtual machine monitor failure with a continuous guest dispatched to a nonguest mode
US5255379A (en) 1990-12-28 1993-10-19 Sun Microsystems, Inc. Method for automatically transitioning from V86 mode to protected mode in a computer system using an Intel 80386 or 80486 processor
US5453003A (en) * 1991-01-09 1995-09-26 Pfefferle; William C. Catalytic method
US5446904A (en) 1991-05-17 1995-08-29 Zenith Data Systems Corporation Suspend/resume capability for a protected mode microprocessor
JPH04348434A (ja) 1991-05-27 1992-12-03 Hitachi Ltd Virtual computer system
US5522075A (en) * 1991-06-28 1996-05-28 Digital Equipment Corporation Protection ring extension for computers having distinct virtual machine monitor and virtual machine address spaces
US5319760A (en) * 1991-06-28 1994-06-07 Digital Equipment Corporation Translation buffer for virtual machines with address space match
US5455909A (en) 1991-07-05 1995-10-03 Chips And Technologies Inc. Microprocessor with operation capture facility
JPH06236284A (ja) * 1991-10-21 1994-08-23 Intel Corp Method for saving and restoring computer system processing state, and computer system
US5627987A (en) * 1991-11-29 1997-05-06 Kabushiki Kaisha Toshiba Memory management and protection system for virtual memory in computer system
US5574936A (en) 1992-01-02 1996-11-12 Amdahl Corporation Access control mechanism controlling access to and logical purging of access register translation lookaside buffer (ALB) in a computer system
US5486529A (en) * 1992-04-16 1996-01-23 Zeneca Limited Certain pyridyl ketones for treating diseases involving leukocyte elastase
US5421006A (en) * 1992-05-07 1995-05-30 Compaq Computer Corp. Method and apparatus for assessing integrity of computer system software
US5610981A (en) 1992-06-04 1997-03-11 Integrated Technologies Of America, Inc. Preboot protection for a data security system with anti-intrusion capability
US5237616A (en) 1992-09-21 1993-08-17 International Business Machines Corporation Secure computer system having privileged and unprivileged memories
US5293424A (en) * 1992-10-14 1994-03-08 Bull Hn Information Systems Inc. Secure memory card
US5796835A (en) 1992-10-27 1998-08-18 Bull Cp8 Method and system for writing information in a data carrier making it possible to later certify the originality of this information
EP0600112A1 (de) 1992-11-30 1994-06-08 Siemens Nixdorf Informationssysteme Aktiengesellschaft Data processing system with virtual memory addressing and key-controlled memory access
JP2765411B2 (ja) * 1992-11-30 1998-06-18 Hitachi, Ltd. Virtual computer scheme
US5668971A (en) 1992-12-01 1997-09-16 Compaq Computer Corporation Posted disk read operations performed by signalling a disk read complete to the system prior to completion of data transfer
EP0602867A1 (en) 1992-12-17 1994-06-22 NCR International, Inc. An apparatus for securing a system platform
JPH06187178A (ja) 1992-12-18 1994-07-08 Hitachi Ltd I/O interrupt control method for a virtual computer system
US5483656A (en) 1993-01-14 1996-01-09 Apple Computer, Inc. System for managing power consumption of devices coupled to a common bus
US5469557A (en) 1993-03-05 1995-11-21 Microchip Technology Incorporated Code protection in microcontroller with EEPROM fuses
FR2703800B1 (fr) 1993-04-06 1995-05-24 Bull Cp8 Method for signing a computer file, and device for implementing it.
FR2704341B1 (fr) 1993-04-22 1995-06-02 Bull Cp8 Device for protecting the keys of a smart card.
JPH06348867A (ja) * 1993-06-04 1994-12-22 Hitachi Ltd Microcomputer
FR2706210B1 (fr) * 1993-06-08 1995-07-21 Bull Cp8 Method for authenticating a portable object by an offline terminal, and corresponding portable object and terminal.
NL9301348A (nl) 1993-08-02 1995-03-01 Stefanus Alfonsus Brands Electronic payment system.
US5555385A (en) 1993-10-27 1996-09-10 International Business Machines Corporation Allocation of address spaces within virtual machine compute system
US5825880A (en) 1994-01-13 1998-10-20 Sudia; Frank W. Multi-step digital signature method and system
US5459869A (en) 1994-02-17 1995-10-17 Spilo; Michael L. Method for providing protected mode services for device drivers and other resident software
US5511121A (en) * 1994-02-23 1996-04-23 Bell Communications Research, Inc. Efficient electronic money
US5604805A (en) 1994-02-28 1997-02-18 Brands; Stefanus A. Privacy-protected transfer of electronic information
FR2717286B1 (fr) * 1994-03-09 1996-04-05 Bull Cp8 Method and device for authenticating a data carrier intended to enable a transaction or access to a service or a location, and corresponding carrier.
US5684881A (en) 1994-05-23 1997-11-04 Matsushita Electric Industrial Co., Ltd. Sound field and sound image control apparatus and method
US5473692A (en) 1994-09-07 1995-12-05 Intel Corporation Roving software license for a hardware agent
US5539828A (en) 1994-05-31 1996-07-23 Intel Corporation Apparatus and method for providing secured communications
US5533123A (en) 1994-06-28 1996-07-02 National Semiconductor Corporation Programmable distributed personal security
JPH0883211A (ja) 1994-09-12 1996-03-26 Mitsubishi Electric Corp Data processing device
DE69534757T2 (de) 1994-09-15 2006-08-31 International Business Machines Corp. System and method for secure storage and distribution of data using digital signatures
US6058478A (en) * 1994-09-30 2000-05-02 Intel Corporation Apparatus and method for a vetted field upgrade
FR2725537B1 (fr) 1994-10-11 1996-11-22 Bull Cp8 Method for loading a protected memory area of an information processing device, and associated device
US5903752A (en) * 1994-10-13 1999-05-11 Intel Corporation Method and apparatus for embedding a real-time multi-tasking kernel in a non-real-time operating system
US5606617A (en) 1994-10-14 1997-02-25 Brands; Stefanus A. Secret-key certificates
US5564040A (en) 1994-11-08 1996-10-08 International Business Machines Corporation Method and apparatus for providing a server function in a logically partitioned hardware machine
US5560013A (en) 1994-12-06 1996-09-24 International Business Machines Corporation Method of using a target processor to execute programs of a source architecture that uses multiple address spaces
US5555414A (en) 1994-12-14 1996-09-10 International Business Machines Corporation Multiprocessing system including gating of host I/O and external enablement to guest enablement at polling intervals
US5615263A (en) * 1995-01-06 1997-03-25 Vlsi Technology, Inc. Dual purpose security architecture with protected internal operating system
US5764969A (en) * 1995-02-10 1998-06-09 International Business Machines Corporation Method and system for enhanced management operation utilizing intermixed user level and supervisory level instructions with partial concept synchronization
FR2731536B1 (fr) * 1995-03-10 1997-04-18 Schlumberger Ind Sa Method for securely writing information to a portable medium
AU4958396A (en) * 1995-03-27 1996-10-16 Stefanus Alfonsus Brands System for ensuring that the blinding of secret-key certific ates is restricted, even if the issuing protocol is performe d in parallel mode
US5717903A (en) * 1995-05-15 1998-02-10 Compaq Computer Corporation Method and appartus for emulating a peripheral device to allow device driver development before availability of the peripheral device
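CN1104118C (zh) 1995-05-19 2003-03-26 Siemens AG Computer-supported method for cryptographic key exchange between two computers
JP3451595B2 (ja) 1995-06-07 2003-09-29 International Business Machines Corporation Microprocessor with architecture mode control capable of supporting extensions to two separate instruction set architectures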
US5684948A (en) 1995-09-01 1997-11-04 National Semiconductor Corporation Memory management circuit which provides simulated privilege levels
US5633929A (en) 1995-09-15 1997-05-27 Rsa Data Security, Inc Cryptographic key escrow system having reduced vulnerability to harvesting attacks
US6093213A (en) 1995-10-06 2000-07-25 Advanced Micro Devices, Inc. Flexible implementation of a system management mode (SMM) in a processor
US5737760A (en) * 1995-10-06 1998-04-07 Motorola Inc. Microcontroller with security logic circuit which prevents reading of internal memory by external program
US5901229A (en) 1995-11-06 1999-05-04 Nippon Telegraph And Telephone Corp. Electronic cash implementing method using a trustee
JP3693721B2 (ja) * 1995-11-10 2005-09-07 NEC Electronics Corporation Microcomputer with built-in flash memory and test method therefor
US5657445A (en) 1996-01-26 1997-08-12 Dell Usa, L.P. Apparatus and method for limiting access to mass storage devices in a computer system
US5835594A (en) 1996-02-09 1998-11-10 Intel Corporation Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage
US5878138A (en) * 1996-02-12 1999-03-02 Microsoft Corporation System and method for detecting fraudulent expenditure of electronic assets
US5809546A (en) 1996-05-23 1998-09-15 International Business Machines Corporation Method for managing I/O buffers in shared storage by structuring buffer table having entries including storage keys for controlling accesses to the buffers
US6205550B1 (en) * 1996-06-13 2001-03-20 Intel Corporation Tamper resistant methods and apparatus
US6175925B1 (en) * 1996-06-13 2001-01-16 Intel Corporation Tamper resistant player for scrambled contents
US6178509B1 (en) * 1996-06-13 2001-01-23 Intel Corporation Tamper resistant methods and apparatus
US5729760A (en) * 1996-06-21 1998-03-17 Intel Corporation System for providing first type access to register if processor in first mode and second type access to register if processor not in first mode
US5944821A (en) 1996-07-11 1999-08-31 Compaq Computer Corporation Secure software registration and integrity assessment in a computer system
US6199152B1 (en) 1996-08-22 2001-03-06 Transmeta Corporation Translated memory protection apparatus for an advanced microprocessor
US5740178A (en) 1996-08-29 1998-04-14 Lucent Technologies Inc. Software for controlling a reliable backup memory
US6055637A (en) * 1996-09-27 2000-04-25 Electronic Data Systems Corporation System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential
US5844986A (en) 1996-09-30 1998-12-01 Intel Corporation Secure BIOS
US5935242A (en) 1996-10-28 1999-08-10 Sun Microsystems, Inc. Method and apparatus for initializing a device
US5872844A (en) * 1996-11-18 1999-02-16 Microsoft Corporation System and method for detecting fraudulent expenditure of transferable electronic assets
US5852717A (en) 1996-11-20 1998-12-22 Shiva Corporation Performance optimizations for computer networks utilizing HTTP
DE19649292A1 (de) * 1996-11-28 1998-06-04 Deutsche Telekom Ag Method for securing a system protected by a key hierarchy
US5901225A (en) * 1996-12-05 1999-05-04 Advanced Micro Devices, Inc. System and method for performing software patches in embedded systems
US5757919A (en) * 1996-12-12 1998-05-26 Intel Corporation Cryptographically protected paging subsystem
JP4000654B2 (ja) 1997-02-27 2007-10-31 Seiko Epson Corporation Semiconductor device and electronic apparatus
US6557104B2 (en) * 1997-05-02 2003-04-29 Phoenix Technologies Ltd. Method and apparatus for secure processing of cryptographic keys
US6044478A (en) 1997-05-30 2000-03-28 National Semiconductor Corporation Cache with finely granular locked-down regions
US6075938A (en) * 1997-06-10 2000-06-13 The Board Of Trustees Of The Leland Stanford Junior University Virtual machine monitors for scalable multiprocessors
US6175924B1 (en) 1997-06-20 2001-01-16 International Business Machines Corp. Method and apparatus for protecting application data in secure storage areas
US6035374A (en) 1997-06-25 2000-03-07 Sun Microsystems, Inc. Method of executing coded instructions in a multiprocessor having shared execution resources including active, nap, and sleep states in accordance with cache miss latency
US6584565B1 (en) 1997-07-15 2003-06-24 Hewlett-Packard Development Company, L.P. Method and apparatus for long term verification of digital signatures
US6014745A (en) * 1997-07-17 2000-01-11 Silicon Systems Design Ltd. Protection for customer programs (EPROM)
US6212635B1 (en) * 1997-07-18 2001-04-03 David C. Reardon Network security system allowing access and modification to a security subsystem after initial installation when a master token is in place
US5978475A (en) 1997-07-18 1999-11-02 Counterpane Internet Security, Inc. Event auditing system
DE19733662C2 (de) * 1997-08-04 2001-05-23 Deutsche Telekom Mobil Method and device for customer-side personalization of GSM chips
US5919257A (en) 1997-08-08 1999-07-06 Novell, Inc. Networked workstation intrusion detection system
DE19735948C1 (de) * 1997-08-19 1998-10-01 Siemens Nixdorf Inf Syst Method for improving controllability in data processing systems with address translation
US5935247A (en) 1997-09-18 1999-08-10 Geneticware Co., Ltd. Computer system having a genetic code that cannot be directly accessed and a method of maintaining the same
US6182089B1 (en) * 1997-09-23 2001-01-30 Silicon Graphics, Inc. Method, system and computer program product for dynamically allocating large memory pages of different sizes
US6357004B1 (en) * 1997-09-30 2002-03-12 Intel Corporation System and method for ensuring integrity throughout post-processing
US6061794A (en) * 1997-09-30 2000-05-09 Compaq Computer Corp. System and method for performing secure device communications in a peer-to-peer bus architecture
US6219787B1 (en) 1997-12-22 2001-04-17 Texas Instruments Incorporated Method and apparatus for extending security model to native code
US6378072B1 (en) * 1998-02-03 2002-04-23 Compaq Computer Corporation Cryptographic system
US6108644A (en) 1998-02-19 2000-08-22 At&T Corp. System and method for electronic transactions
US6131166A (en) 1998-03-13 2000-10-10 Sun Microsystems, Inc. System and method for cross-platform application level power management
US6192455B1 (en) * 1998-03-30 2001-02-20 Intel Corporation Apparatus and method for preventing access to SMRAM space through AGP addressing
US6374286B1 (en) * 1998-04-06 2002-04-16 Rockwell Collins, Inc. Real time processor capable of concurrently running multiple independent JAVA machines
US6173417B1 (en) 1998-04-30 2001-01-09 Intel Corporation Initializing and restarting operating systems
US6397242B1 (en) * 1998-05-15 2002-05-28 Vmware, Inc. Virtualization system including a virtual machine monitor for a computer with a segmented architecture
EP0961193B1 (en) 1998-05-29 2010-09-01 Texas Instruments Incorporated Secure computing device
US6339815B1 (en) * 1998-08-14 2002-01-15 Silicon Storage Technology, Inc. Microcontroller system having allocation circuitry to selectively allocate and/or hide portions of a program memory address space
US6505279B1 (en) * 1998-08-14 2003-01-07 Silicon Storage Technology, Inc. Microcontroller system having security circuitry to selectively lock portions of a program memory address space
JP2000076139A (ja) 1998-08-28 2000-03-14 Nippon Telegr & Teleph Corp <Ntt> Portable information storage medium
US6363485B1 (en) * 1998-09-09 2002-03-26 Entrust Technologies Limited Multi-factor biometric authenticating device and method
US6230248B1 (en) 1998-10-12 2001-05-08 Institute For The Development Of Emerging Architectures, L.L.C. Method and apparatus for pre-validating regions in a virtual addressing scheme
US6609199B1 (en) 1998-10-26 2003-08-19 Microsoft Corporation Method and apparatus for authenticating an open system application to a portable IC device
US6327652B1 (en) 1998-10-26 2001-12-04 Microsoft Corporation Loading and identifying a digital rights management operating system
US7194092B1 (en) 1998-10-26 2007-03-20 Microsoft Corporation Key-based secure storage
US6282650B1 (en) 1999-01-25 2001-08-28 Intel Corporation Secure public digital watermark
US6560627B1 (en) 1999-01-28 2003-05-06 Cisco Technology, Inc. Mutual exclusion at the record level with priority inheritance for embedded systems using one semaphore
US7111290B1 (en) 1999-01-28 2006-09-19 Ati International Srl Profiling program execution to identify frequently-executed portions and to assist binary translation
US6188257B1 (en) 1999-02-01 2001-02-13 Vlsi Technology, Inc. Power-on-reset logic with secure power down capability
EP1030237A1 (en) 1999-02-15 2000-08-23 Hewlett-Packard Company Trusted hardware device in a computer
US7225333B2 (en) 1999-03-27 2007-05-29 Microsoft Corporation Secure processor architecture for use with a digital rights management (DRM) system on a computing device
US6615278B1 (en) 1999-03-29 2003-09-02 International Business Machines Corporation Cross-platform program, system, and method having a global registry object for mapping registry equivalent functions in an OS/2 operating system environment
US6684326B1 (en) 1999-03-31 2004-01-27 International Business Machines Corporation Method and system for authenticated boot operations in a computer system of a networked computing environment
US6651171B1 (en) 1999-04-06 2003-11-18 Microsoft Corporation Secure execution of program code
US6389537B1 (en) * 1999-04-23 2002-05-14 Intel Corporation Platform and method for assuring integrity of trusted agent communications
US6275933B1 (en) 1999-04-30 2001-08-14 3Com Corporation Security system for a computerized apparatus
EP1056014A1 (en) 1999-05-28 2000-11-29 Hewlett-Packard Company System for providing a trustworthy user interface
EP1055989A1 (en) 1999-05-28 2000-11-29 Hewlett-Packard Company System for digitally signing a document
US6529909B1 (en) 1999-08-31 2003-03-04 Accenture Llp Method for translating an object attribute converter in an information services patterns environment
US6571171B1 (en) * 1999-09-08 2003-05-27 Rockwell Collins, Inc. Method and apparatus for graphically inserting waypoints for a flight management system
JP2001148344A (ja) 1999-09-09 2001-05-29 Nikon Corp Exposure apparatus, method for controlling output of energy source, laser apparatus using the method, and device manufacturing method
EP1085396A1 (en) 1999-09-17 2001-03-21 Hewlett-Packard Company Operation of trusted state in computing platform
US6535988B1 (en) * 1999-09-29 2003-03-18 Intel Corporation System for detecting over-clocking uses a reference signal thereafter preventing over-clocking by reducing clock rate
US6374317B1 (en) * 1999-10-07 2002-04-16 Intel Corporation Method and apparatus for initializing a computer interface
EP1269425A2 (en) 2000-02-25 2003-01-02 Identix Incorporated Secure transaction system
AU2001243365A1 (en) 2000-03-02 2001-09-12 Alarity Corporation System and method for process protection
JP3710671B2 (ja) 2000-03-14 2005-10-26 Sharp Corporation One-chip microcomputer, IC card using the same, and access control method for one-chip microcomputer
CA2341931C (en) 2000-03-24 2006-05-30 Contentguard Holdings, Inc. System and method for protection of digital works
US6678825B1 (en) 2000-03-31 2004-01-13 Intel Corporation Controlling access to multiple isolated memories in an isolated execution environment
US6633963B1 (en) 2000-03-31 2003-10-14 Intel Corporation Controlling access to multiple memory zones in an isolated execution environment
US6507904B1 (en) 2000-03-31 2003-01-14 Intel Corporation Executing isolated mode instructions in a secure system running in privilege rings
US6871276B1 (en) * 2000-04-05 2005-03-22 Microsoft Corporation Controlled-content recoverable blinded certificates
GB0020416D0 (en) 2000-08-18 2000-10-04 Hewlett Packard Co Trusted system
US6938164B1 (en) 2000-11-22 2005-08-30 Microsoft Corporation Method and system for allowing code to be securely initialized in a computer
GB0104764D0 (en) * 2001-02-24 2001-04-18 Ibm Method apparatus and computer program product for controlling access to a resource
US7631160B2 (en) 2001-04-04 2009-12-08 Advanced Micro Devices, Inc. Method and apparatus for securing portions of memory
US6976136B2 (en) 2001-05-07 2005-12-13 National Semiconductor Corporation Flash memory protection scheme for secured shared BIOS implementation in personal computers with an embedded controller
US7676430B2 (en) 2001-05-09 2010-03-09 Lenovo (Singapore) Ptd. Ltd. System and method for installing a remote credit card authorization on a system with a TCPA complaint chipset
EP1271277A3 (en) 2001-06-26 2003-02-05 Redstrike B.V. Security system and software to prevent unauthorized use of a computing device
US20030018892A1 (en) 2001-07-19 2003-01-23 Jose Tello Computer with a modified north bridge, security engine and smart card having a secure boot capability and method for secure booting a computer
US7191464B2 (en) 2001-10-16 2007-03-13 Lenovo Pte. Ltd. Method and system for tracking a secure boot in a trusted computing environment
US7103771B2 (en) 2001-12-17 2006-09-05 Intel Corporation Connecting a virtual token to a physical token
US20030126453A1 (en) 2001-12-31 2003-07-03 Glew Andrew F. Processor supporting execution of an authenticated code instruction
US7308576B2 (en) 2001-12-31 2007-12-11 Intel Corporation Authenticated code module
US7107460B2 (en) 2002-02-15 2006-09-12 International Business Machines Corporation Method and system for securing enablement access to a data security device
US7343493B2 (en) 2002-03-28 2008-03-11 Lenovo (Singapore) Pte. Ltd. Encrypted file system using TCPA
US7318141B2 (en) 2002-12-17 2008-01-08 Intel Corporation Methods and systems to control virtual machines
US20040266523A1 (en) * 2003-04-16 2004-12-30 Gentles Thomas A Secured networks in a gaming system environment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
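CN101308538B (zh) * 2007-05-14 2012-10-03 Samsung Electronics Co., Ltd. Method and apparatus for checking firmware integrity
CN101394268B (zh) * 2008-09-12 2011-05-18 South China University of Technology Advanced encryption system and method based on generalized information domain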
US11301583B2 (en) * 2019-10-09 2022-04-12 Mastercard International Incorporated Method and system for protection of customer PII via cryptographic tokens

Also Published As

Publication number Publication date
US7516330B2 (en) 2009-04-07
CN102111274B (zh) 2014-07-02
US20060080528A1 (en) 2006-04-13
WO2002001794A2 (en) 2002-01-03
WO2002001794A3 (en) 2002-09-26
AU2001266942A1 (en) 2002-01-08
US6976162B1 (en) 2005-12-13
CN102111274A (zh) 2011-06-29
EP1297655A2 (en) 2003-04-02

Similar Documents

Publication Publication Date Title
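CN102111274B (zh) Platform and method for establishing verifiable identity while maintaining privacy
CN101019369B (zh) Method for delivering direct proof private keys to devices using an online service
CN102217277B (zh) Method and system for token-based authentication
CN110519309B (zh) Data transmission method, apparatus, terminal, server, and storage medium
CN100504819C (zh) Access authentication method, information processing unit, and removable recording device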
EP1175038B1 (en) Technique for obtaining a sign-on certificate from a foreign PKI system using an existing strong authentication PKI system
US7100048B1 (en) Encrypted internet and intranet communication device
EP1322086A2 (en) Assignment of user certificates/private keys in token enabled public key infrastructure system
EP1617588A1 (en) Device authentication system
US7050584B1 (en) Method and system for regenerating a private key for a predetermined asymmetric cryptographic key pair
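CN112232814B (zh) Payment key encryption and decryption method, payment authentication method, and terminal device
CN113067699B (zh) Quantum-key-based data sharing method, apparatus, and computer device
CN109981287B (zh) Code signing method and storage medium thereof
CN109598104B (zh) Software license protection system and method based on timestamp and secret authentication file
CN111475824A (zh) Data access method, apparatus, device, and storage medium
CN110222809B (zh) Information combination and encryption method for a two-dimensional code, and two-dimensional code encryption machine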
US20060053288A1 (en) Interface method and device for the on-line exchange of content data in a secure manner
KR102329221B1 (ko) Blockchain-based user authentication method
US8755521B2 (en) Security method and system for media playback devices
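CN114553557A (zh) Key invocation method, apparatus, computer device, and storage medium
CN113285934A (zh) Digital-signature-based method and apparatus for detecting the client IP of a server cryptographic machine
KR100681005B1 (ko) Key roaming method and system therefor
JP3436476B2 (ja) Method for changing an authentication encryption key
CN117118759B (zh) Method for user-controlled reliable use of server-side keys
CN114866317B (zh) Multi-party secure data computation method, apparatus, electronic device, and storage medium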

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20030827