Abstract:
A system for secure key management including a secondary device comprising a programmable hardware component and an associated secure data storage, wherein the secondary device comprises a one-way communications link to receive input unilaterally from a computing device, an encryption key generator to generate and store encryption keys on the secure data storage, and an encryption key distribution module to distribute encryption keys to one or more destinations on a computer network through a communications interface component, wherein the distribution is adapted to bypass a central processor of the computing device. A method is also provided.
Abstract:
A standard two terminal battery package is configured to communicate with an external charger or load, without requiring modification to the battery mechanics and/or high current circuit components integral with the battery. A transmitter and receiver (transceiver) are incorporated into the battery housing. An associated battery charger and/or load, e.g., tool, appliance, vacuum, etc., has a corresponding transceiver configured to communicate with the battery transceiver. A microcontroller may be coupled to the transceiver. Serial numbers can be verified between the battery and the tool load. Sensors for temperature, voltage, pressure and pH may be coupled between the battery and microcontroller for monitoring battery temperature, voltage charge and condition during operation or charging thereof. Information from these sensors and more may be communicated from the battery to the load or battery charger. Furthermore, the battery charger may communicate over the Internet for battery operational history collection and theft identification.
Abstract:
A circuit arrangement and method for securing an integrated electronic circuit against scans of an address space, wherein the circuit arrangement has at least one master unit and at least one slave unit interconnected via a bus system for access of the master unit to the slave unit, and addresses are used from an address space that is allocated and used in accordance with functionalities of the integrated electronic circuit, where a defense slave unit is connected to the bus system, access to unused address regions of the address space is forwarded to the defense slave unit, the access is analyzed and evaluated by the defense slave unit and depending on an analysis result and the respective access type, defensive measures are triggered, such that address space scans are interrupted or a potential scan result is rendered useless in a simple manner.
Abstract:
A 3D graphics system uses encryption keys to decrypt received and stored texture tiles of a texture in accordance with received and stored texture tile status data which indicates whether a texture tile is encrypted or not and which one of the encryption keys is used. The decrypted texture tiles are rendered and at least a plurality of the rendered tiles is encrypted. The encrypted rendered tiles are stored in a frame buffer. Buffer tile status data is stored which indicates whether a rendered tile is encrypted or not before storage in the frame buffer, and which one of the encryption keys has been used. The encrypted rendered tiles stored in the frame buffer are decrypted in accordance with the buffer tile status data.
Abstract:
Techniques and logic are presented for encrypting and decrypting applications and related data within a multi-processor system to prevent tampering. The decryption and encryption may be performed either between a system bus and a processor's individual L1 cache memory or between a processor's instruction and execution unit and their respective L1 caches. The logic may include one or more linear feedback shift registers (LFSRs) that may be used for generation of unique sequential address related codes to perform the decryption of instructions and transformation logic that may be used for generation of equivalent offset address related codes to perform decryption and encryption of data. The logic may also be programmable and may be used for test purposes.
Abstract:
Two endpoint devices communicate with one another in a secure session by negotiating encrypted communications at initial establishment of the session. Each endpoint device communicates its available security profiles to the other endpoint. A specific security profile is then selected that defines the data encryption and authentication used during the secure session between the two endpoint devices.
Abstract:
A method, system and computer program product are provided for implementing block extent granularity authorization processing for a Coherent Accelerator Processor Interface (CAPI) adapter. An Application Client requests authorization to a File from a system processor file system. The file system validates the request, determines the location of each Extent that comprises the File, and requests authorization to each Extent from a System CAPI Authorization manager. The System CAPI Authorization manager requests the CAPI Client manager to assign a Child Client ID and CAPI Server Register range to the requesting Application Client and requests a previously authorized CAPI Parent Client to authorize the Child ID to the list of Extents. The CAPI Parent Client sends a Create Authorizations command to the CAPI Adapter via the Parent's CAPI Server Registers. The CAPI Adapter validates the Parent Authorization Handle and CAPI Server Register range for the specific Extent/Command/Resource, and creates an Authorization List by assigning a new Child Authorization Handle for each requested, validated Extent/Command/Resource. The Authorization List and the Child Client ID are returned to the File System.
Abstract:
A method, system and computer program product are provided for implementing block extent granularity authorization initialization processing in Coherent Accelerator Processor Interface (CAPI) adapters. A Master Owning Client and CAPI Server Register space assigned to the Master Owning Client are identified. Address mapping is created for the Master Owning Client to access the assigned CAPI Server Register space. The Master Owning Client is enabled to send commands to the CAPI adapter, and other CAPI clients are prevented from sending commands to the CAPI adapter via the CAPI Server Register space assigned to the Master Owning Client.
Abstract:
An intrusion detection apparatus and method using a load balancer responsive to traffic conditions between a central processing unit (CPU) and a graphics processing unit (GPU) are provided. The intrusion detection apparatus includes a packet acquisition unit, a character string check task allocation unit, a CPU character string check unit, and a GPU character string check unit. The packet acquisition unit receives packets, and stores the packets in a single task queue. The character string check task allocation unit determines the number of packets in the packet acquisition unit, and allocates character string check tasks to the CPU or the GPU. The CPU character string check unit compares the character strings of the packets with a character string defined in at least one detection rule inside the CPU. The GPU character string check unit compares the character strings of the packets with the character string inside the GPU.
Abstract:
A method for storing and transmitting data across a computer network to one or more destinations is disclosed including storing source data on a secure data storage of a secondary device connected to a computing device. The computing device is configured to operate via an operating system and the secure data storage is adapted to receive input unilaterally from the computing device and store it as source data. Receiving one or more of routing, scheduling, and prioritization information for one or more destinations including other network-connected storage mediums or network-connected computing or peripheral devices, and transferring the source data from the secure data storage to the one or more destinations through a communications interface component connected to the computer network are also performed. The transferring is implemented via the secondary device while bypassing the central processor and in accordance with the one or more of routing, scheduling, and prioritization information.