WO1998027685A1 - Optimized security functionality in an electronic system - Google Patents
Optimized security functionality in an electronic system Download PDFInfo
- Publication number
- WO1998027685A1 WO1998027685A1 PCT/US1997/021900 US9721900W WO9827685A1 WO 1998027685 A1 WO1998027685 A1 WO 1998027685A1 US 9721900 W US9721900 W US 9721900W WO 9827685 A1 WO9827685 A1 WO 9827685A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- chipset
- cryptographic
- bus
- coupled
- bulk
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7219—Countermeasures against side channel or fault attacks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
Definitions
- the present invention relates to the field of cryptography. More particularly, the present invention relates to an electronic system that includes security functionality to optimize performance of the electronic system during cryptographic operations.
- PC personal computer
- Protection against unauthorized downloading may be accomplished by placing the information in an encrypted format prior to storage within the PC.
- Such encryption may be performed by either (i) a processing unit of the PC executing cryptographic software, or (ii) a cryptographic device solely connected to a system bus of the PC.
- the PC 100 designed in accordance with a conventional cryptographic implementation scheme is shown.
- the PC 100 includes a host processor 105 coupled to a chipset 110.
- the chipset 110 operates as a communicative pathway to both main memory 115 and an internal bus 120.
- a number of peripheral devices may be coupled to the internal bus 120 including a Personal Computer (“PC") card 125 that is used in this embodiment to provide cryptographic functionality to PC 100.
- Other peripheral devices include a parallel port device 126, a modem 127, and a disk controller 128 being an interface to a storage device such as a hard disk drive (“HDD”) 129.
- This conventional architectural scheme may simplify the implementation of cryptographic functionality into an existing PC platform without an appreciable effect on various components already implemented therein; however, it adversely impacts performance of PC 100.
- a primary disadvantage associated with the conventional cryptographic implementation of Figure 1 is that a cryptographic device 130, solely implemented within the PC 100 as a peripheral device such as a PC card, would adversely affect bandwidth of internal bus 120.
- the reason for the adverse effect is that performance of "bulk cryptographic operations” would require data to be transferred through internal bus 120 a multiple number of times.
- "Bulk cryptographic operations” are defined as operations involving (i) cryptography that supports high-volume throughput, (ii) hashing and the like.
- the cryptography utilized by bulk cryptographic operations typically involves symmetric key cryptography (e.g., encryption or decryption under Data Encryption Standard "DES" and other functions), or perhaps may involve asymmetric key cryptography.
- DES Data Encryption Standard
- the data residing in main memory 115 and having a non-encrypted format would be initially transferred to the peripheral device containing cryptographic device 130. Thereafter, cryptographic device 130 would encrypt the data and either transfer the encrypted data to HDD 129 or to main memory 115 for subsequent transmission to HDD 129.
- the data propagates through internal bus 120 at least two and perhaps three times, in contrast to the normal propagation of data directly from main memory 115 to HDD 129 in those cases when data is being stored in a non-encrypted format.
- FIG. 2 another embodiment of a PC 200, designed in accordance with a second conventional cryptographic implementation scheme, is shown.
- the PC 200 includes a host processor 205 coupled to a chipset 210, main memory 215 and an internal bus 220 as described above.
- cryptographic circuitry is implemented into each of the peripheral devices 225 ⁇ -225n ("n" being a positive whole number) connected to internal bus 220. This embodiment would avoid unacceptable bus bandwidth latency, but would impose other disadvantages.
- this embodiment increases the costs of each peripheral device 225 ⁇ -225 n - Typically, these additional costs result from greater component costs due to increased circuitry and greater design and manufacturing costs. Another disadvantage that may occur is that this embodiment increases the likelihood of future compatibility problems as different cryptographic circuitry enters the marketplace.
- the present invention relates to an electronic system having security functionality that optimizes performance of the electronic system during cryptographic operations.
- the electronic system includes a chipset implemented with dedicated circuitry to perform bulk cryptographic operations.
- the cryptographic operation of the chipset may be controlled and managed by circuitry physically removed from the chipset, and in secure communications therewith, such as the host processor or a cryptographic unit.
- the cryptographic operation of the chipset may also be controlled and managed by circuitry of the chipset.
- Figure 1 is a conventional PC platform providing cryptographic functionality through a cryptographic device having a dedicated connection to an internal bus.
- Figure 2 is a conventional PC platform providing cryptographic functionality by implementing cryptographic devices into peripherals coupled to the internal bus.
- Figure 3 is an embodiment of an electronic system providing improved performance during cryptographic operations by implementing partitioned secure cryptographic functionality in which bulk cryptographic operations are performed by the chipset which are controlled and managed by a separate cryptographic unit.
- Figure 4 is a more-detailed embodiment of the chipset and the cryptographic unit.
- Figure 5 is an illustrative block diagram of the session key storage element.
- Figure 6 is another embodiment of an electronic system providing improved performance during cryptographic operations by implementing partitioned secure cryptographic functionality in which bulk cryptographic operations are performed by the chipset which are controlled and managed by the host processor.
- Figure 7 is an illustrative flowchart of the general cryptographic operations performed by both the chipset and either the cryptographic unit or host processor in decrypting information obtained from a remote source.
- Figure 8 is an illustrative flowchart of cryptographic operations performed by both the chipset and either the cryptographic unit or host processor in encrypting information contained in main memory for storage within the electronic system.
- Figure 9 is yet another embodiment optimizing system performance during cryptographic operations by implementing cryptographic circuitry onto the chipset.
- Figure 10 is a more-detailed embodiment of the chipset of Figure 9.
- an "electronic system” is a system including processing and internal data storage which may include, but is not limited to a computer such as laptops or desktops, servers, imaging devices (e.g., printers, facsimile machines, scanners, etc.), financial devices (e.g., ATM machines) and the like.
- Information is defined as one or more bits of data, address, and/or control.
- a “message” is generally defined as information being transferred during one or more bus cycles.
- a “key” is an encoding and/or decoding parameter used by conventional cryptographic algorithms such as a Data Encryption Algorithm as specified in Data Encryption Standard ("DES") and the like. More particularly, a “session key” is a temporary key used in connection with symmetric cryptography to provide secure communications.
- DES Data Encryption Standard
- digital signature is a message typically used for authentication purposes.
- secure indicates that it is virtually computationally infeasible for an unauthorized individual to access information in a non-encrypted format or to successfully perpetuate fraud by tampering with such information.
- the electronic system 300 comprises a host processor 305 and a main memory element 310 (e.g., dynamic random access memory "DRAM”, static random access memory “SRAM”, etc.) coupled together by a chipset 315.
- the chipset 315 operates as an interface between a plurality of buses, namely a host bus 320, a memory bus 325 and bus 330.
- the chipset 315 may require modification to include dedicated circuitry that performs bulk cryptographic operations on messages transferred through chipset 315.
- Such dedicated circuitry is included within the chipset, regardless of whether it is physically located within an integrated circuit package of the chipset or outside the chipset's package but coupled to both the chipset 315 and bus 330.
- An illustrative embodiment of such circuitry is shown in Figure 4.
- the bus 330 provides a communication path between (i) a cryptographic unit 335 and (ii) a plurality of peripheral devices 340i-340 ("m" being a positive whole number).
- the bus 330 may be a Peripheral Component Interconnect ("PCI") bus, Industry Standard Architecture ("ISA”) bus or any other type of bus architecture. It is contemplated that bus 330 is shown as a single bus (e.g., the PCI bus), but it may be multiple buses coupled together through bridge circuitry in which each peripheral device 340 ⁇ -340 m is coupled to at least one of the multiple buses.
- the cryptographic unit 335 includes circuitry to control and manage bulk cryptographic operations performed by the chipset 315.
- peripheral devices 3401 -340m may include, but are not limited to, a mass storage device 340i (e.g., a hard disk drive, a CD ROM player, CD recordable player, digital tape drive, a floppy disk drive, a digital video disk player, etc.), a transceiver device 340 m (e.g., a network interface circuit card, a modem card, etc.) and the like.
- mass storage device 340i e.g., a hard disk drive, a CD ROM player, CD recordable player, digital tape drive, a floppy disk drive, a digital video disk player, etc.
- transceiver device 340 m e.g., a network interface circuit card, a modem card, etc.
- the chipset 315 includes circuitry 400 that performs bulk cryptographic operations on digital information propagating through the electronic system.
- the circuitry 400 includes a cryptographic engine 405 coupled to bus 330 and memory bus 325, a session key storage element 410 and a secret key storage element 420.
- the cryptographic engine 405 may possess a unique communication path to main memory via memory bus 325 or share this communication path with other circuitry through conventional multiplex hardware.
- the session key storage element 410 and the secret key storage element 420 are coupled to cryptographic engine 405 through signal lines 415 and 425, respectively.
- the signal lines 415 and 425 may have the same or different bit widths, ranging from one-bit to r-bits ("r" being a positive whole number, r > 1).
- the cryptographic engine 405 is circuitry (e.g., hardware or firmware) that performs a bulk cryptographic operation on input data based on a key supplied by either the session key storage element 410 or secret key storage element 420, or based on a hash function if hashing is performed.
- the session key storage element 410 is used to store session keys that are used when performing bulk cryptographic operations on data input into the cryptographic engine 405. More specifically, these bulk cryptographic operations may use the session key to decrypt data transferred to main memory from one of the peripheral devices or to encrypt data transferred to one of the peripheral devices for storage or transmission.
- Such encryption or decryption may be performed through Data Encryption Algorithm or other symmetric cryptographic functions, while hashing may be performed through cryptographic hash functions such as Message Digest 5 ("MD5") provided by RSA Data Security of Redwood City, California, Secure Hash Algorithm (“SHA-l”) specified by the National Institute of Standards and Technology of Washington, D.C., and other established hash functions.
- MD5 Message Digest 5
- SHA-l Secure Hash Algorithm
- the session key storage element 410 is implemented with volatile memory to contain one or more session key(s).
- the session key storage element 410 may be configured as cache memory that supports one or more session keys although such caching architecture is not required.
- one embodiment of the session key storage element 410 includes multiple storage entries 500i-500 x ("x" being a positive whole number), accessible by bus lines coupled thereto (not shown). Each storage entry 500 ⁇ -500 x pertains to one unique key and provides sufficient storage to support at least three fields associated with that key; namely, a session key field (“SKF”) 505l-505 x , a priority/validity field (“PVF”) 510i-510 x and at least one address information field (“AIF”) 515l-515 ⁇ .
- SMF session key field
- PVF priority/validity field
- AIF address information field
- the session key field 505i-505 x is used to contain different session keys used when performing bulk cryptographic operations.
- the priority/validity field 510i- 510 x is used to identify an "invalid" entry and to establish a priority in determining which entries may be overwritten when loading new session keys.
- the address information field(s) 515 ⁇ -515 x include information relating to the source and destination addresses of a message being processed.
- cryptographic unit 335 is used to control and manage bulk cryptographic operations performed by the chipset 315 as well as to support a secure communication path and interconnection with the chipset 315 and possibly other systems.
- the cryptographic unit comprises a bus 600 interconnecting a processing unit 605, non-volatile memory element 610, an optional volatile memory element 615 (as denoted by dashed lines), and an optional random number generator (“RNG”) 620 (as denoted by dashed lines).
- the processing unit 605 may include, but is not limited to a processor, a micro-controller, a state machine logic circuit and the like.
- the non-volatile memory element 610 contains at least a shared secret key, which is also imprinted into the secret key storage element 420 normally during manufacture when the cryptographic unit 335 and the chipset are powered up and in communication with each other. This imprinting may be performed by an original equipment manufacturer (“OEM”) of the electronic system, suppliers of the chipset and/or cryptographic unit, or a specified third party.
- OEM original equipment manufacturer
- the shared secret key is generated by random number generator 620, if implemented, or an externally available random number generator. It is contemplated that the shared secret key may be produced after manufacture by an OEM or a trusted authority (e.g., trade association, governmental entity or other "trusted” entity). As discussed, the shared secret key may be used by both chipset 315 and cryptographic unit 335 to encrypt and decrypt information or to establish a "session" key used for that purpose. It is further contemplated that volatile memory element 615, if implemented, may be utilized as temporary storage by the processing unit 605.
- FIG 6 another embodiment of the electronic system providing improved performance during cryptographic operations is shown.
- the electronic system is similar to that shown in Figure 3 with the exception that no cryptographic unit is implemented to control and manage the chipset. Rather, it is contemplated that the host processor may control and manage the performance of bulk cryptographic operations by the chipset 315 through a combination of software and hardware.
- a flowchart illustrating the operations of an electronic system, implemented with partitioned data security functionality, to decrypt a message in an encrypted format received by a transceiver of the electronic system is shown.
- a header of the message is transferred to the cryptographic unit (Step 705).
- the header includes a session key (hereinafter referred to as a "mail key") encrypted with other information.
- the mail key is extracted from the header of the message by decrypting the header with a key contained in memory of the cryptographic unit (Step 710).
- the key may be a private key associated with the electronic system if public/private key cryptography is used to secure communications between the electronic system and other networked systems.
- the host processor is performing the functions of the cryptographic unit in controlling the bulk cryptographic operations of the chipset, the header is processed by the host processor using a key to which the host processor has access.
- the mail key is securely transmitted to the chipset, destined for the session key storage element (Step 715).
- This secure transmission is accomplished by the cryptographic unit or host processor producing a control message being the mail key encrypted under a message key.
- “message key” is either the shared secret key or a session key established through the use of the shared secret key.
- the control message can be transmitted to the chipset, which decrypts the control message, using the message key, to recover the mail key. Subsequently, the mail key is loaded into the session key storage element (Steps 720 and 725).
- FIG. 8 a flowchart illustrating the operations of the electronic system, implemented with partitioned data security functionality, to encrypt data before storage in a peripheral device such as HDD, is shown.
- the operating system of the electronic system sends a request to the cryptographic unit ( or host processor) requesting preparation to transfer contents of main memory to a hard disk controller (Step 805).
- the cryptographic unit (or host processor) generates a session key for encryption, referred to as a "file key”, and securely transmits the file key to the chipset through the use of the message key (Steps 810 and 815).
- the chipset places the file key in the session key storage element (Step 820). Thereafter, the OS writes the data contained in main memory to the hard disk controller and the chipset encrypts the data, forming at least a portion of the message, with the file key as it propagates there through. Thus, the data is stored in an encrypted format on HDD (Step 825).
- FIG 9 it is contemplated that another architectural embodiment of an electronic system 900 employing the present invention may be used, absent partitioned data security functionality as set forth in Figures 3-7.
- the electronic system 900 includes a chipset 910 performing bulk cryptographic operations and internally controlling these operations. Thus, a dedicated cryptographic unit for control purposes would not be required.
- this chipset 910 includes (i) a cryptographic engine
- a session key storage element 930 coupled to the cryptographic engine 915 through a dedicated bus 935.
- chipset 910 further comprises circuitry of controlling and managing the bulk cryptographic operations performed by the cryptographic engine 915.
- This circuitry includes a processing unit 940 (e.g., a processor, state machine, micro-controller, etc.), coupled to both internal bus 920 and another internal bus 945 coupled to session key storage element 930, and memory capable of storing key information (e.g., public/private key pair or other key information), cryptographic software, or any other data.
- the memory includes a non- volatile memory element 950 coupled to internal bus 945 and/or volatile memory 955.
- the chipset 910 may include a random number generator 960, coupled to internal bus 945, to internally produce key information.
- chipset 910 differs from chipset 315 of Figures 3-4 in that it is implemented with circuitry and software to control and manage bulk cryptographic operations by the chipset 910 in lieu of external control by the cryptographic unit of Figures 3-4.
- the advantage of internalizing both the circuitry for performing the bulk cryptographic operations and the circuitry for controlling and managing these operations within the same physical package is that it allows for the elimination of additional storage space for a shared secret key (e.g., the shared key storage element). The reason is that there is lesser need for a cryptographically secure communication because the processing unit is not externally located from the chipset as in partitioned functionality.
- the operations of the chipset 910 are discussed in relation to the receipt of an external message (e.g., an electronic mail message).
- a portion of the external message namely the header, is transferred from the transceiver to the host processor.
- the host processor Upon the host processor determining that the message is encrypted, it sends the header to the chipset 910.
- the chipset 910 routes the header to the processing unit 940, which would decrypt the header using key information stored within internal memory of the chipset 910, most likely non-volatile memory element 950.
- the key information would likely be a private key of the electronic system contained within the chipset 910, although the key may be a symmetric key if symmetric key cryptography is used.
- the processing unit 940 Upon decrypting the header, the processing unit 940 would extract a mail key from the header and this mail key would be transferred from the processing unit 940 to the session key storage element 930 through internal bus 945. Thereafter, the host processor would arrange the rest of the data forming the external message to be transferred through the cryptographic engine 915 via internal bus 920. The cryptographic engine 915 would decrypt the data of the external message using the mail key, provided by the session key storage element 930 via internal bus 935, and subsequently route the non-encrypted data to main memory via internal bus 925.
Abstract
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU59565/98A AU5956598A (en) | 1996-12-18 | 1997-11-25 | Optimized security functionality in an electronic system |
DE19782199T DE19782199T1 (en) | 1996-12-18 | 1997-11-25 | Optimized security functionality in an electronic system |
GB9913962A GB2336080B (en) | 1996-12-18 | 1997-11-25 | Optimized security functionality in an electronic system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/768,674 US5818939A (en) | 1996-12-18 | 1996-12-18 | Optimized security functionality in an electronic system |
US08/768,674 | 1996-12-18 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO1998027685A1 true WO1998027685A1 (en) | 1998-06-25 |
WO1998027685B1 WO1998027685B1 (en) | 1998-07-23 |
Family
ID=25083169
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US1997/021900 WO1998027685A1 (en) | 1996-12-18 | 1997-11-25 | Optimized security functionality in an electronic system |
Country Status (6)
Country | Link |
---|---|
US (2) | US5818939A (en) |
AU (1) | AU5956598A (en) |
DE (1) | DE19782199T1 (en) |
GB (1) | GB2336080B (en) |
TW (1) | TW344051B (en) |
WO (1) | WO1998027685A1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2353676A (en) * | 1999-08-17 | 2001-02-28 | Hewlett Packard Co | Robust encryption and decryption of packetised data transferred across communications networks |
EP1801725A2 (en) * | 2005-12-14 | 2007-06-27 | Nvidia Corporation | Chipset security offload engine |
EP2207123A2 (en) | 2008-12-31 | 2010-07-14 | Intel Corporation | Enforcing use of chipset key management services for encrypted storage devices |
US7920701B1 (en) | 2004-12-15 | 2011-04-05 | Nvidia Corporation | System and method for digital content protection |
US8473750B2 (en) | 2004-12-15 | 2013-06-25 | Nvidia Corporation | Chipset security offload engine |
Families Citing this family (127)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7037426B2 (en) * | 2000-05-04 | 2006-05-02 | Zenon Environmental Inc. | Immersed membrane apparatus |
US6705517B1 (en) * | 1996-11-27 | 2004-03-16 | Die Old, Incorporated | Automated banking machine system and method |
US6542610B2 (en) | 1997-01-30 | 2003-04-01 | Intel Corporation | Content protection for digital transmission systems |
US6151678A (en) * | 1997-09-09 | 2000-11-21 | Intel Corporation | Anti-theft mechanism for mobile computers |
US6357004B1 (en) | 1997-09-30 | 2002-03-12 | Intel Corporation | System and method for ensuring integrity throughout post-processing |
US6470454B1 (en) * | 1998-03-31 | 2002-10-22 | International Business Machines Corporation | Method and apparatus for establishing computer configuration protection passwords for protecting computer configurations |
US6304973B1 (en) * | 1998-08-06 | 2001-10-16 | Cryptek Secure Communications, Llc | Multi-level security network system |
US6389533B1 (en) | 1999-02-05 | 2002-05-14 | Intel Corporation | Anonymity server |
US6668323B1 (en) | 1999-03-03 | 2003-12-23 | International Business Machines Corporation | Method and system for password protection of a data processing system that permit a user-selected password to be recovered |
US7096370B1 (en) * | 1999-03-26 | 2006-08-22 | Micron Technology, Inc. | Data security for digital data storage |
US6857076B1 (en) * | 1999-03-26 | 2005-02-15 | Micron Technology, Inc. | Data security for digital data storage |
US6571335B1 (en) | 1999-04-01 | 2003-05-27 | Intel Corporation | System and method for authentication of off-chip processor firmware code |
US6389537B1 (en) | 1999-04-23 | 2002-05-14 | Intel Corporation | Platform and method for assuring integrity of trusted agent communications |
US6708272B1 (en) * | 1999-05-20 | 2004-03-16 | Storage Technology Corporation | Information encryption system and method |
US6647494B1 (en) | 1999-06-14 | 2003-11-11 | Intel Corporation | System and method for checking authorization of remote configuration operations |
US6633981B1 (en) | 1999-06-18 | 2003-10-14 | Intel Corporation | Electronic system and method for controlling access through user authentication |
US7600131B1 (en) * | 1999-07-08 | 2009-10-06 | Broadcom Corporation | Distributed processing in a cryptography acceleration chip |
US7216235B1 (en) * | 1999-10-19 | 2007-05-08 | Tivo Inc. | Drive/host locking system |
UA72944C2 (en) * | 1999-12-02 | 2005-05-16 | Інфінеон Текнолоджіз Аг | Microprocessor device with data coding |
US7073071B1 (en) | 2000-03-31 | 2006-07-04 | Intel Corporation | Platform and method for generating and utilizing a protected audit log |
US6760441B1 (en) | 2000-03-31 | 2004-07-06 | Intel Corporation | Generating a key hieararchy for use in an isolated execution environment |
US6769058B1 (en) | 2000-03-31 | 2004-07-27 | Intel Corporation | Resetting a processor in an isolated execution environment |
US6754815B1 (en) | 2000-03-31 | 2004-06-22 | Intel Corporation | Method and system for scrubbing an isolated area of memory after reset of a processor operating in isolated execution mode if a cleanup flag is set |
US7194634B2 (en) * | 2000-03-31 | 2007-03-20 | Intel Corporation | Attestation key memory device and bus |
US7013484B1 (en) | 2000-03-31 | 2006-03-14 | Intel Corporation | Managing a secure environment using a chipset in isolated execution mode |
US7356817B1 (en) | 2000-03-31 | 2008-04-08 | Intel Corporation | Real-time scheduling of virtual machines |
US7013481B1 (en) * | 2000-03-31 | 2006-03-14 | Intel Corporation | Attestation key memory device and bus |
US20020037081A1 (en) * | 2000-04-28 | 2002-03-28 | David Rogoff | Cryptographic key distribution system and method for digital video systems |
EP1279283A2 (en) * | 2000-04-28 | 2003-01-29 | Broadcom Corporation | Cryptographic key distribution system and method for digital video systems |
IL152595A0 (en) * | 2000-05-01 | 2003-06-24 | Ibm | Improving des hardware throughput for short operations |
FR2810139B1 (en) * | 2000-06-08 | 2002-08-23 | Bull Cp8 | METHOD FOR SECURING THE PRE-INITIALIZATION PHASE OF AN ON-BOARD ELECTRONIC CHIP SYSTEM, ESPECIALLY A CHIP CARD, AND ON-BOARD SYSTEM IMPLEMENTING THE METHOD |
US7020773B1 (en) * | 2000-07-17 | 2006-03-28 | Citrix Systems, Inc. | Strong mutual authentication of devices |
US7793111B1 (en) | 2000-09-28 | 2010-09-07 | Intel Corporation | Mechanism to handle events in a machine with isolated execution |
EE200000390A (en) * | 2000-11-02 | 2002-06-17 | Artec Design Group O� | Data encryption device based on protocol analysis |
US6986040B1 (en) * | 2000-11-03 | 2006-01-10 | Citrix Systems, Inc. | System and method of exploiting the security of a secure communication channel to secure a non-secure communication channel |
US7215781B2 (en) * | 2000-12-22 | 2007-05-08 | Intel Corporation | Creation and distribution of a secret value between two devices |
US7035963B2 (en) * | 2000-12-27 | 2006-04-25 | Intel Corporation | Method for resolving address space conflicts between a virtual machine monitor and a guest operating system |
US6907600B2 (en) | 2000-12-27 | 2005-06-14 | Intel Corporation | Virtual translation lookaside buffer |
US7225441B2 (en) | 2000-12-27 | 2007-05-29 | Intel Corporation | Mechanism for providing power management through virtualization |
US6948065B2 (en) | 2000-12-27 | 2005-09-20 | Intel Corporation | Platform and method for securely transmitting an authorization secret |
US7818808B1 (en) | 2000-12-27 | 2010-10-19 | Intel Corporation | Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor |
JP2002229861A (en) * | 2001-02-07 | 2002-08-16 | Hitachi Ltd | Recording device with copyright protecting function |
US7451116B2 (en) * | 2001-03-07 | 2008-11-11 | Diebold, Incorporated | Automated transaction machine digital signature system and method |
US8261975B2 (en) * | 2001-03-07 | 2012-09-11 | Diebold, Incorporated | Automated banking machine that operates responsive to data bearing records |
FR2822565B1 (en) * | 2001-03-23 | 2004-09-10 | Schlumberger Systems & Service | SECURE ELECTRONIC COMPONENT |
US7526795B2 (en) | 2001-03-27 | 2009-04-28 | Micron Technology, Inc. | Data security for digital data storage |
US20020141577A1 (en) * | 2001-03-29 | 2002-10-03 | Ripley Michael S. | Method and system for providing bus encryption based on cryptographic key exchange |
US7110986B1 (en) | 2001-04-23 | 2006-09-19 | Diebold, Incorporated | Automated banking machine system and method |
US7418592B1 (en) | 2001-04-23 | 2008-08-26 | Diebold, Incorporated | Automated banking machine system and method |
US7159114B1 (en) | 2001-04-23 | 2007-01-02 | Diebold, Incorporated | System and method of securely installing a terminal master key on an automated banking machine |
DE10127195A1 (en) * | 2001-06-05 | 2002-12-19 | Infineon Technologies Ag | Processor with internal memory configuration allowing register memory to store as many as possible operands with remainder of memory capacity used for storing other data |
US7024511B2 (en) * | 2001-06-22 | 2006-04-04 | Intel Corporation | Method and apparatus for active memory bus peripheral control utilizing address call sequencing |
US20030188183A1 (en) * | 2001-08-27 | 2003-10-02 | Lee Lane W. | Unlocking method and system for data on media |
WO2003021863A1 (en) * | 2001-08-31 | 2003-03-13 | Hamilton Jon W | Non-algebraic method of encryption and decryption |
US8533776B2 (en) * | 2001-09-14 | 2013-09-10 | Lenovo (Singapore) Pte Ltd. | Method and system for binding a device to a planar |
US7415571B1 (en) | 2001-10-31 | 2008-08-19 | Western Digital Ventures, Inc. | Disk drive and method for using a mailbox file associated with a disk storage medium for performing a function characterized by contents of the mailbox file |
US7543117B1 (en) | 2001-10-31 | 2009-06-02 | Western Digital Ventures, Inc. | Method for installing a mailbox file associated with a disk storage medium |
US7024555B2 (en) | 2001-11-01 | 2006-04-04 | Intel Corporation | Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment |
US7631196B2 (en) | 2002-02-25 | 2009-12-08 | Intel Corporation | Method and apparatus for loading a trustable operating system |
US7305567B1 (en) * | 2002-03-01 | 2007-12-04 | Cavium Networks, In. | Decoupled architecture for data ciphering operations |
ATE263391T1 (en) * | 2002-03-26 | 2004-04-15 | Soteres Gmbh | PROCEDURES FOR PROTECTING THE INTEGRITY OF PROGRAMS |
US7069442B2 (en) | 2002-03-29 | 2006-06-27 | Intel Corporation | System and method for execution of a secured environment initialization instruction |
US7130951B1 (en) * | 2002-04-18 | 2006-10-31 | Advanced Micro Devices, Inc. | Method for selectively disabling interrupts on a secure execution mode-capable processor |
US7139890B2 (en) | 2002-04-30 | 2006-11-21 | Intel Corporation | Methods and arrangements to interface memory |
US6820177B2 (en) | 2002-06-12 | 2004-11-16 | Intel Corporation | Protected configuration space in a protected environment |
JP2004070499A (en) * | 2002-08-02 | 2004-03-04 | Fujitsu Ltd | Memory device, and enciphering/decoding method |
US20040123120A1 (en) * | 2002-12-18 | 2004-06-24 | Broadcom Corporation | Cryptography accelerator input interface data handling |
US7434043B2 (en) | 2002-12-18 | 2008-10-07 | Broadcom Corporation | Cryptography accelerator data routing unit |
US7568110B2 (en) * | 2002-12-18 | 2009-07-28 | Broadcom Corporation | Cryptography accelerator interface decoupling from cryptography processing cores |
US7191341B2 (en) * | 2002-12-18 | 2007-03-13 | Broadcom Corporation | Methods and apparatus for ordering data in a cryptography accelerator |
US20040123123A1 (en) * | 2002-12-18 | 2004-06-24 | Buer Mark L. | Methods and apparatus for accessing security association information in a cryptography accelerator |
US7900017B2 (en) | 2002-12-27 | 2011-03-01 | Intel Corporation | Mechanism for remapping post virtual machine memory pages |
US20040128465A1 (en) * | 2002-12-30 | 2004-07-01 | Lee Micheil J. | Configurable memory bus width |
US7076802B2 (en) * | 2002-12-31 | 2006-07-11 | Intel Corporation | Trusted system clock |
EP1457859B1 (en) * | 2003-03-14 | 2012-10-17 | Broadcom Corporation | Data encryption/decryption device |
US8234504B2 (en) * | 2003-04-15 | 2012-07-31 | Broadcom Corporation | Method and system for data encryption and decryption |
GB0310411D0 (en) * | 2003-05-07 | 2003-06-11 | Koninkl Philips Electronics Nv | Electronic device provided with cryptographic circuit and method of establishing the same |
US7415708B2 (en) | 2003-06-26 | 2008-08-19 | Intel Corporation | Virtual machine management using processor state information |
US7287197B2 (en) * | 2003-09-15 | 2007-10-23 | Intel Corporation | Vectoring an interrupt or exception upon resuming operation of a virtual machine |
US7739521B2 (en) | 2003-09-18 | 2010-06-15 | Intel Corporation | Method of obscuring cryptographic computations |
US7376836B2 (en) * | 2003-09-19 | 2008-05-20 | Nortel Networks Limited | Systems and methods for preventing an attack on healthcare data processing resources in a hospital information system |
US7430671B2 (en) * | 2004-03-31 | 2008-09-30 | Nortel Networks Limited | Systems and methods for preserving confidentiality of sensitive information in a point-of-care communications environment |
US20050086079A1 (en) * | 2003-09-19 | 2005-04-21 | Graves Alan F. | Integrated and secure architecture for delivery of communications services in a hospital |
US20080209513A1 (en) * | 2003-09-19 | 2008-08-28 | Nortel Networks Limited | Systems and methods for preventing an attack on healthcare data processing resources in a hospital information system |
US20050080934A1 (en) * | 2003-09-30 | 2005-04-14 | Cota-Robles Erik C. | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
US7366304B2 (en) * | 2003-10-07 | 2008-04-29 | Lenovo (Singapore) Pte. Ltd. | Cruable U-NII wireless radio with secure, integral antenna connection via SM BIOS in U-NII wireless ready device |
FR2861234A1 (en) * | 2003-10-17 | 2005-04-22 | St Microelectronics Sa | ENCRYPTION OF DATA IN AN ELECTRONIC APPARATUS WITH MULTIPLE SYMMETRIC PROCESSORS |
US20050108434A1 (en) * | 2003-11-13 | 2005-05-19 | Witchey Nicholas J. | In-band firewall for an embedded system |
US8010789B2 (en) * | 2003-11-13 | 2011-08-30 | Lantronix, Inc. | Secure data transfer using an embedded system |
US8156343B2 (en) | 2003-11-26 | 2012-04-10 | Intel Corporation | Accessing private data about the state of a data processing machine from storage that is publicly accessible |
US8037314B2 (en) | 2003-12-22 | 2011-10-11 | Intel Corporation | Replacing blinded authentication authority |
US7802085B2 (en) | 2004-02-18 | 2010-09-21 | Intel Corporation | Apparatus and method for distributing private keys to an entity with minimal secret, unique information |
US8468337B2 (en) * | 2004-03-02 | 2013-06-18 | International Business Machines Corporation | Secure data transfer over a network |
US7564976B2 (en) * | 2004-03-02 | 2009-07-21 | International Business Machines Corporation | System and method for performing security operations on network data |
US7620949B2 (en) | 2004-03-31 | 2009-11-17 | Intel Corporation | Method and apparatus for facilitating recognition of an open event window during operation of guest software in a virtual machine environment |
US7840962B2 (en) | 2004-09-30 | 2010-11-23 | Intel Corporation | System and method for controlling switching between VMM and VM using enabling value of VMM timer indicator and VMM timer value having a specified time |
US8146078B2 (en) | 2004-10-29 | 2012-03-27 | Intel Corporation | Timer offsetting mechanism in a virtual machine environment |
US20060117122A1 (en) * | 2004-11-04 | 2006-06-01 | Intel Corporation | Method and apparatus for conditionally obfuscating bus communications |
US8924728B2 (en) | 2004-11-30 | 2014-12-30 | Intel Corporation | Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information |
US20060136717A1 (en) | 2004-12-20 | 2006-06-22 | Mark Buer | System and method for authentication via a proximate device |
US8295484B2 (en) | 2004-12-21 | 2012-10-23 | Broadcom Corporation | System and method for securing data from a remote input device |
US8533777B2 (en) | 2004-12-29 | 2013-09-10 | Intel Corporation | Mechanism to determine trust of out-of-band management agents |
US20090210695A1 (en) * | 2005-01-06 | 2009-08-20 | Amir Shahindoust | System and method for securely communicating electronic documents to an associated document processing device |
US7502466B2 (en) * | 2005-01-06 | 2009-03-10 | Toshiba Corporation | System and method for secure communication of electronic documents |
US7395405B2 (en) | 2005-01-28 | 2008-07-01 | Intel Corporation | Method and apparatus for supporting address translation in a virtual machine environment |
US20060198515A1 (en) * | 2005-03-03 | 2006-09-07 | Seagate Technology Llc | Secure disc drive electronics implementation |
US8364792B2 (en) * | 2005-03-09 | 2013-01-29 | Vudu, Inc. | Method and system for distributing restricted media to consumers |
US20060288209A1 (en) * | 2005-06-20 | 2006-12-21 | Vogler Dean H | Method and apparatus for secure inter-processor communications |
US7809957B2 (en) | 2005-09-29 | 2010-10-05 | Intel Corporation | Trusted platform module for generating sealed data |
US20080025504A1 (en) * | 2005-11-23 | 2008-01-31 | Robert Rapp | Computer or digital device data encryption/decryption performed by using a random analog source |
US7900060B2 (en) * | 2006-02-17 | 2011-03-01 | Vudu, Inc. | Method and system for securing a disk key |
US8014530B2 (en) | 2006-03-22 | 2011-09-06 | Intel Corporation | Method and apparatus for authenticated, recoverable key distribution with no database secrets |
US8239686B1 (en) | 2006-04-27 | 2012-08-07 | Vudu, Inc. | Method and system for protecting against the execution of unauthorized software |
KR20090059602A (en) * | 2007-12-07 | 2009-06-11 | 한국전자통신연구원 | Encrypting device having session memory bus |
US8607034B2 (en) * | 2008-05-24 | 2013-12-10 | Via Technologies, Inc. | Apparatus and method for disabling a microprocessor that provides for a secure execution mode |
US8819839B2 (en) * | 2008-05-24 | 2014-08-26 | Via Technologies, Inc. | Microprocessor having a secure execution mode with provisions for monitoring, indicating, and managing security levels |
US9286493B2 (en) * | 2009-01-07 | 2016-03-15 | Clevx, Llc | Encryption bridge system and method of operation thereof |
US8839000B2 (en) * | 2009-03-23 | 2014-09-16 | Hewlett-Packard Development Company, L.P. | System and method for securely storing data in an electronic device |
US9252941B2 (en) * | 2009-11-06 | 2016-02-02 | Nikolajs VOLKOVS | Enhanced digital signatures algorithm method and system utilitzing a secret generator |
US8312296B2 (en) | 2010-03-10 | 2012-11-13 | Dell Products L.P. | System and method for recovering from an interrupted encryption and decryption operation performed on a volume |
US8856550B2 (en) * | 2010-03-10 | 2014-10-07 | Dell Products L.P. | System and method for pre-operating system encryption and decryption of data |
US8930713B2 (en) | 2010-03-10 | 2015-01-06 | Dell Products L.P. | System and method for general purpose encryption of data |
US9135471B2 (en) * | 2010-03-10 | 2015-09-15 | Dell Products L.P. | System and method for encryption and decryption of data |
US9092601B2 (en) | 2013-03-04 | 2015-07-28 | Dell Products, Lp | System and method for creating and managing object credentials for multiple applications |
US10153904B2 (en) * | 2015-04-29 | 2018-12-11 | Ncr Corporation | Validating resources execution |
US10326596B2 (en) * | 2016-10-01 | 2019-06-18 | Intel Corporation | Techniques for secure authentication |
CN107169344B (en) * | 2017-05-10 | 2020-04-21 | 威盛电子股份有限公司 | Method for blocking unauthorized application and apparatus using the same |
Family Cites Families (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA1004362A (en) * | 1972-04-11 | 1977-01-25 | Gretag Aktiengesellschaft | System for the individual identification of a plurality of individuals |
FR2311360A1 (en) * | 1975-05-13 | 1976-12-10 | Innovation Ste Int | SYSTEM FOR STORING DATA CONFIDENTIALLY BY MEANS OF PORTABLE ELECTRONIC OBJECTS INCLUDING A CONFIDENTIAL CODE ERROR MEMORIZATION CIRCUIT |
FR2392447A1 (en) * | 1977-05-26 | 1978-12-22 | Cii Honeywell Bull | INFORMATION PROCESSING SYSTEM PROTECTING THE SECRET OF CONFIDENTIAL INFORMATION |
FR2394131A1 (en) * | 1977-06-07 | 1979-01-05 | Cii Honeywell Bull | INFORMATION PROCESSING SYSTEM PROTECTING THE SECRET OF CONFIDENTIAL INFORMATION |
US4310720A (en) * | 1978-03-31 | 1982-01-12 | Pitney Bowes Inc. | Computer accessing system |
FR2477344B1 (en) * | 1980-03-03 | 1986-09-19 | Bull Sa | METHOD AND SYSTEM FOR TRANSMITTING CONFIDENTIAL INFORMATION |
FR2480539B1 (en) * | 1980-04-09 | 1985-09-13 | Cii Honeywell Bull | METHOD AND SYSTEM FOR TRANSMITTING SIGNED MESSAGES |
FR2514593B1 (en) * | 1981-10-09 | 1986-12-26 | Bull Sa | METHOD AND DEVICE FOR AUTHENTICATING THE SIGNATURE OF A SIGNED MESSAGE |
FR2526977B1 (en) * | 1982-05-14 | 1988-06-10 | Cii Honeywell Bull | METHOD AND DEVICE FOR AUTHENTICATING OR CERTIFYING AT LEAST INFORMATION CONTAINED IN A MEMORY OF AN ELECTRONIC MEDIUM IN PARTICULAR REMOVABLE AND PORTABLE SUCH AS A CARD |
US4578531A (en) * | 1982-06-09 | 1986-03-25 | At&T Bell Laboratories | Encryption system key distribution method and apparatus |
FR2530053B1 (en) * | 1982-07-08 | 1986-04-25 | Bull Sa | METHOD FOR CERTIFYING THE SOURCE OF AT LEAST ONE INFORMATION RECORDED IN A MEMORY OF A FIRST ELECTRONIC DEVICE AND TRANSMITTED TO A SECOND ELECTRONIC DEVICE, AND SYSTEM FOR IMPLEMENTING SUCH A METHOD |
US4558176A (en) * | 1982-09-20 | 1985-12-10 | Arnold Mark G | Computer systems to inhibit unauthorized copying, unauthorized usage, and automated cracking of protected software |
US4658093A (en) * | 1983-07-11 | 1987-04-14 | Hellman Martin E | Software distribution system |
FR2592510B1 (en) * | 1985-12-31 | 1988-02-12 | Bull Cp8 | METHOD AND APPARATUS FOR CERTIFYING SERVICES OBTAINED USING A PORTABLE MEDIUM SUCH AS A MEMORY CARD |
FR2600189B1 (en) * | 1986-06-16 | 1991-02-01 | Bull Cp8 | PROCESS FOR AUTHENTICATING BY AN EXTERNAL ENVIRONMENT A PORTABLE OBJECT SUCH AS A MEMORY CARD COUPLED TO THIS ENVIRONMENT |
US5020105A (en) * | 1986-06-16 | 1991-05-28 | Applied Information Technologies Corporation | Field initialized authentication system for protective security of electronic information networks |
FR2601535B1 (en) * | 1986-07-11 | 1988-10-21 | Bull Cp8 | METHOD FOR CERTIFYING THE AUTHENTICITY OF DATA EXCHANGED BETWEEN TWO DEVICES CONNECTED LOCALLY OR REMOTELY THROUGH A TRANSMISSION LINE |
FR2601795B1 (en) * | 1986-07-17 | 1988-10-07 | Bull Cp8 | METHOD FOR DIVERSIFYING A BASE KEY AND FOR AUTHENTICATING A KEY THUS DIVERSIFIED AS HAVING BEEN PREPARED FROM A PREDETERMINED BASE KEY, AND SYSTEM FOR IMPLEMENTING IT |
FR2618002B1 (en) * | 1987-07-10 | 1991-07-05 | Schlumberger Ind Sa | METHOD AND SYSTEM FOR AUTHENTICATING ELECTRONIC MEMORY CARDS |
US5218637A (en) * | 1987-09-07 | 1993-06-08 | L'etat Francais Represente Par Le Ministre Des Postes, Des Telecommunications Et De L'espace | Method of transferring a secret, by the exchange of two certificates between two microcomputers which establish reciprocal authorization |
US5214702A (en) * | 1988-02-12 | 1993-05-25 | Fischer Addison M | Public key/signature cryptosystem with enhanced digital signature certification |
US4962532A (en) * | 1988-12-22 | 1990-10-09 | Ibm Corporation | Method for providing notification of classified electronic message delivery restriction |
US5191611A (en) * | 1989-04-03 | 1993-03-02 | Lang Gerald S | Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients |
US5144667A (en) * | 1990-12-20 | 1992-09-01 | Delco Electronics Corporation | Method of secure remote access |
US5142579A (en) * | 1991-01-29 | 1992-08-25 | Anderson Walter M | Public key cryptographic system and method |
US5231666A (en) * | 1992-04-20 | 1993-07-27 | International Business Machines Corporation | Cryptographic method for updating financial records |
US5499295A (en) * | 1993-08-31 | 1996-03-12 | Ericsson Inc. | Method and apparatus for feature authorization and software copy protection in RF communications devices |
US5371794A (en) * | 1993-11-02 | 1994-12-06 | Sun Microsystems, Inc. | Method and apparatus for privacy and authentication in wireless networks |
US5483596A (en) * | 1994-01-24 | 1996-01-09 | Paralon Technologies, Inc. | Apparatus and method for controlling access to and interconnection of computer system resources |
US5495533A (en) * | 1994-04-29 | 1996-02-27 | International Business Machines Corporation | Personal key archive |
US5805706A (en) * | 1996-04-17 | 1998-09-08 | Intel Corporation | Apparatus and method for re-encrypting data without unsecured exposure of its non-encrypted format |
US5473692A (en) * | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
US5539828A (en) * | 1994-05-31 | 1996-07-23 | Intel Corporation | Apparatus and method for providing secured communications |
US5615264A (en) * | 1995-06-08 | 1997-03-25 | Wave Systems Corp. | Encrypted data package record for use in remote transaction metered data system |
US5799091A (en) * | 1996-05-24 | 1998-08-25 | Lsi Logic Corporation | Single chip solution for multimedia GSM mobile station systems |
US5796830A (en) * | 1996-07-29 | 1998-08-18 | International Business Machines Corporation | Interoperable cryptographic key recovery system |
-
1996
- 1996-12-18 US US08/768,674 patent/US5818939A/en not_active Expired - Lifetime
-
1997
- 1997-11-25 GB GB9913962A patent/GB2336080B/en not_active Expired - Fee Related
- 1997-11-25 WO PCT/US1997/021900 patent/WO1998027685A1/en active Application Filing
- 1997-11-25 AU AU59565/98A patent/AU5956598A/en not_active Abandoned
- 1997-11-25 DE DE19782199T patent/DE19782199T1/en not_active Ceased
- 1997-12-18 TW TW086119214A patent/TW344051B/en not_active IP Right Cessation
-
1998
- 1998-05-18 US US09/080,742 patent/US6115816A/en not_active Expired - Lifetime
Non-Patent Citations (1)
Title |
---|
ZOLLVER T., As Good as Gold-Telecom Report International, 1995, Vol. 18, No. 4, SIEMENS AG, MUNICH, GERMANY. * |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6981140B1 (en) | 1999-08-17 | 2005-12-27 | Hewlett-Packard Development Company, L.P. | Robust encryption and decryption of packetized data transferred across communications networks |
GB2353676A (en) * | 1999-08-17 | 2001-02-28 | Hewlett Packard Co | Robust encryption and decryption of packetised data transferred across communications networks |
US7920701B1 (en) | 2004-12-15 | 2011-04-05 | Nvidia Corporation | System and method for digital content protection |
US8473750B2 (en) | 2004-12-15 | 2013-06-25 | Nvidia Corporation | Chipset security offload engine |
EP1801725A2 (en) * | 2005-12-14 | 2007-06-27 | Nvidia Corporation | Chipset security offload engine |
EP1801725A3 (en) * | 2005-12-14 | 2007-07-11 | Nvidia Corporation | Chipset security offload engine |
KR100893980B1 (en) | 2005-12-14 | 2009-04-20 | 엔비디아 코포레이션 | Chipset security offload engine |
JP2010191946A (en) * | 2008-12-31 | 2010-09-02 | Intel Corp | Enforcing use of chipset key management services for encrypted storage device |
EP2207123A3 (en) * | 2008-12-31 | 2010-09-22 | Intel Corporation | Enforcing use of chipset key management services for encrypted storage devices |
US8103883B2 (en) | 2008-12-31 | 2012-01-24 | Intel Corporation | Method and apparatus for enforcing use of danbury key management services for software applied full volume encryption |
JP2012064237A (en) * | 2008-12-31 | 2012-03-29 | Intel Corp | Enforcing use of chipset key management services for encrypted storage device |
US8281135B2 (en) | 2008-12-31 | 2012-10-02 | Intel Corporation | Enforcing use of chipset key management services for encrypted storage devices |
EP2207123A2 (en) | 2008-12-31 | 2010-07-14 | Intel Corporation | Enforcing use of chipset key management services for encrypted storage devices |
Also Published As
Publication number | Publication date |
---|---|
AU5956598A (en) | 1998-07-15 |
US6115816A (en) | 2000-09-05 |
GB2336080A (en) | 1999-10-06 |
US5818939A (en) | 1998-10-06 |
GB9913962D0 (en) | 1999-08-18 |
GB2336080B (en) | 2002-03-06 |
DE19782199T1 (en) | 1999-11-18 |
TW344051B (en) | 1998-11-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5818939A (en) | Optimized security functionality in an electronic system | |
JP4703791B2 (en) | Data re-encryption apparatus and method | |
US6778667B1 (en) | Method and apparatus for integrated ciphering and hashing | |
US6393565B1 (en) | Data management system and method for a limited capacity cryptographic storage unit | |
US9954826B2 (en) | Scalable and secure key management for cryptographic data processing | |
US6058478A (en) | Apparatus and method for a vetted field upgrade | |
US6389533B1 (en) | Anonymity server | |
US5633932A (en) | Apparatus and method for preventing disclosure through user-authentication at a printing node | |
US8392727B2 (en) | System and method for transparent disk encryption | |
US5623637A (en) | Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys | |
US6708272B1 (en) | Information encryption system and method | |
US7095859B2 (en) | Managing private keys in a free seating environment | |
JP5417092B2 (en) | Cryptography speeded up using encrypted attributes | |
EP0851335A2 (en) | Secure two-piece user authentication in a computer network | |
US20090106561A1 (en) | Data management apparatus and data management method | |
US20080072071A1 (en) | Hard disc streaming cryptographic operations with embedded authentication | |
US6944762B1 (en) | System and method for encrypting data messages | |
JP2009219162A (en) | Validation of inclusion of platform within data center | |
US6718468B1 (en) | Method for associating a password with a secured public/private key pair | |
KR20050086885A (en) | System and method for securely installing a cryptographic system on a secure device | |
US7076062B1 (en) | Methods and arrangements for using a signature generating device for encryption-based authentication | |
JP3581601B2 (en) | Data transfer device, data transfer system and recording medium | |
US6704868B1 (en) | Method for associating a pass phase with a secured public/private key pair | |
JPH09200194A (en) | Device and method for security communication | |
JP2000295208A (en) | Contents transfer/storage method, its device and program recording medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AL AM AT AT AU AZ BA BB BG BR BY CA CH CN CU CZ CZ DE DE DK DK EE EE ES FI FI GB GE GH HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT UA UG UZ VN YU ZW AM AZ BY KG KZ MD RU TJ TM |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH KE LS MW SD SZ UG ZW AT BE CH DE DK ES FI FR |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
CFP | Corrected version of a pamphlet front page |
Free format text: REVISED ABSTRACT RECEIVED BY THE INTERNATIONAL BUREAU AFTER COMPLETION OF THE TECHNICAL PREPARATIONS FOR INTERNATIONAL PUBLICATION |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
RET | De translation (de og part 6b) |
Ref document number: 19782199 Country of ref document: DE Date of ref document: 19991118 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 19782199 Country of ref document: DE |
|
122 | Ep: pct application non-entry in european phase |