Abstract:
An integrated circuit is provided for the authentication of a consumable storage device by an apparatus. The integrated circuit has a memory space which contains encrypted data defined by a message authentication code (MAC) applied to data relating to a consumable stored by the device. The MAC is a construction of an asymmetric cryptographic function whereby a public key KT stored by another integrated circuit of the apparatus is used to encrypt a random number generated by that other integrated circuit. A secret key KA stored by the integrated circuit is used to decrypt the encrypted random number. The decrypted random number is appended to data stored in the memory space. The secret key KA is used to encrypt the appended random number and data, and the public key KT is used to decrypt the encrypted random number appended to the data.
Abstract:
The present invention is directed towards systems and methods for processing an Online Certificate Status Protocol (OCSP) request in parallel to processing a Secure Socket Layer (SSL) handshake. The method includes transmitting, by an OCSP responder of an intermediary device between a plurality of clients and one or more servers, an OCSP request to an OCSP server for a status of a client certificate responsive to receiving the client certificate from a client during an SSL handshake. The intermediary device may continue to perform remaining portions of the SSL handshake while the OCSP request to the OCSP server is outstanding. The intermediary device may establish an SSL connection for the SSL handshake. The intermediary device may determine whether to terminate or maintain the established SSL connection based on the status of the client certificate received via a response from the OCSP server.
Abstract:
An integrated circuit is provided having first and second circuitry which are configured to emit light when undergoing changes in state. The first and second circuitry are operated to change state at the same time so as to hinder optical detection of the light emitted by the first circuitry.
Abstract:
A method of authenticating a digital signature is provided. The method includes sending a request from a first entity to a second entity, at least some of the request being digitally signed with a base key by the first entity, receiving, at the first entity, a digital signature and a bit-pattern from the second entity, the digital signature having been generated by the second entity using a variant key to digitally sign at least part of data indicative of a value stored in the second entity which is to be authenticated, the variant key being based on the result of applying a one way function to the base key and the bit-pattern, receiving the data at the first entity, generating, at the first entity, the variant key from the bit-pattern and the base key, and authenticating, at the first entity, the digital signature using the generated variant key. Only the first entity includes the base key and the second entity includes the variant key and the bit-pattern.
Abstract:
To authenticate a user of a communications network, credentials from the user are centrally received. An authentication sequence is retrieved from a plurality of retrievable authentication sequences, and the retrieved authentication sequence is performed to authenticate the user based on the received credentials.
Abstract:
An integrity record is appended to data slices prior to being sent to multiple slice storage units. Each of the data slices includes a different encoded version of the same data segment. An integrity indicator of each data slice is computed, and the integrity record is generated based on each of the individual integrity indicators, and may be, for example, a list or a hash of the combined integrity indicators. When retrieving data slices from storage, the integrity record can be stripped off, a new integrity indicator of the data slice calculated, and a new integrity record created. The new integrity record can be compared to the original integrity record, and used to verify the integrity of the data slices.
Abstract:
The invention provides for tamper detection line circuitry for an authentication integrated circuit for use in authenticating an integrated circuit. The tamper detection line circuitry includes a source of pseudo-random bits, and an XOR gate with two inputs and an output in signal communication with flash memory erase and reset circuits, where a complete erasure is triggered by a 0 from the XOR gate. The circuitry also includes first and second paths arranging the source and XOR gate in signal communication with each other, the first path connected to one input of the XOR gate and the second path having an inverter and connected to a second input of the XOR gate. Also included are a number of triggers connected to the respective paths, each trigger configured to detect a physical attack on the authentication integrated circuit.
Abstract:
A method and apparatus for authorizing an access requester to access a data communication network is provided. A determination is made that a threshold access control server cannot process an access request associated with the access requester. Access requester history data, or data that describes the access history for an access requester, is analyzed to obtain a threshold access level. A threshold access level is an expression of how likely it is that a particular access requester is a legitimate access requester. A session profile is selected for the access requester based on the threshold access level. The session profile indicates one or more actions the access requester is authorized to perform in the network. The session profile may subsequently be transmitted to the access requester to allow the access requester access to the network to the extent appropriate in view of the access requester history data.
Abstract:
A method of hindering optical detection of a pattern of data being stored, moved or processed by at least one active circuit in an integrated circuit, the active circuit including at least first and second active devices that change state within a period of time, such that each device exhibits low resistance in one state and high resistance in another state, the method comprising controlling timing of the change of state of the first active device relative to the second active device so as to prevent the devices having simultaneous intermediate resistances between the low and high resistances, thereby to reduce optical emission by the at least one active circuit compared to causing the changes of state of the two devices to happen simultaneously.
Abstract:
Methods and apparatus to speed up Galois Counter Mode (GCM) computations are described. In one embodiment, a carry-less multiplication instruction may be used to perform operations corresponding to verification of an encrypted message in accordance with GCM. Other embodiments are also described.