-
公开(公告)号:US20180183592A1
公开(公告)日:2018-06-28
申请号:US15389686
申请日:2016-12-23
CPC分类号: H04L9/0836 , H04L2209/30
摘要: An organizational signature authority delegates signature authority to one or more subordinate signature authorities by rolling up public keys from the subordinate signature authorities into a public key for the organization. A subordinate signature authority of the organizational signature authority generates cryptographic keys for use by the subordinate signature authority, and cryptographically derives a public key for the subordinate signature authority based at least in part on the cryptographic keys. In some examples, the subordinate signature authority acquires public keys from a lower subordinate signature authority, and the public key of the subordinate signature authority is cryptographically derived in part from the public key of the lower subordinate signature authority. The public key of the subordinate signature authority is provided to the organizational signature authority. A hash tree is generated from the public keys of the subordinate signature authorities to create the public key for the organization.
-
公开(公告)号:US09705859B2
公开(公告)日:2017-07-11
申请号:US14967214
申请日:2015-12-11
IPC分类号: H04L29/06
CPC分类号: H04L63/062 , H04L9/083 , H04L9/0841 , H04L9/321 , H04L9/3263 , H04L63/0442 , H04L63/061 , H04L63/0876 , H04L63/166
摘要: Clients within a computing environment may establish a secure communication session. Sometimes, a client may trust a cryptography service to perform some cryptographic operations and access some cryptographic resources while simultaneously not trusting the cryptography service to perform other operations and access other resources. Two or more clients may utilize a cryptography service to perform certain authentication and verification operations to establish a secure communication session, while simultaneously denying the cryptography service access to the secure communication session.
-
公开(公告)号:US09537657B1
公开(公告)日:2017-01-03
申请号:US14290699
申请日:2014-05-29
CPC分类号: H04L9/3226 , H04L9/0637 , H04L9/3242
摘要: Incremented authenticated encryption involves dividing a data stream to be encrypted into multiple data segments and encrypting each of the data segments. For each encrypted data segment, an authorization tag is generated. Each segment's authorization tag may be based on the corresponding segment's position in the sequence of data segments within the data stream. A segment authorization tag may be generated based on an segment initialization vector that may be incremented with each segment authorization tag. Each data segment may be encrypted independently of the others. Similarly, each encrypted data segment may be decrypted and authenticated independently of the others. Additionally, a final authentication tag may be generated. The final authentication tag may be used to authenticate all the data segments of the data stream as a whole.
摘要翻译: 递增的认证加密包括将要加密的数据流划分为多个数据段并对每个数据段进行加密。 对于每个加密的数据段,生成授权标签。 每个段的授权标签可以基于数据流内的数据段序列中相应段的位置。 可以基于可以与每个段授权标签递增的段初始化向量来生成段授权标签。 每个数据段可以独立于其他数据段进行加密。 类似地,每个加密的数据段可以被独立于其他加密的数据段解密和认证。 另外,可以生成最终认证标签。 最终的认证标签可用于对整个数据流的所有数据段进行认证。
-
公开(公告)号:US20160344549A1
公开(公告)日:2016-11-24
申请号:US15225725
申请日:2016-08-01
CPC分类号: H04L9/16 , G06F21/602 , H04L9/0618 , H04L9/0637 , H04L9/0643 , H04L9/0816 , H04L9/14 , H04L9/30 , H04L9/3239 , H04L9/3242 , H04L63/0428 , H04L63/06 , H04L63/123
摘要: A plaintext and cryptographic key are used to generate an initialization vector to be used in a cryptographic algorithm, such as an encryption algorithm. In some examples, the plaintext and cryptographic key are input into an effectively one-way function, such as a cryptographic hash function, the output of which is usable as an initialization vector. Cryptographic keys may be rotated probabilistically based at least in part on probabilities of output collisions of the effectively one-way function to ensure a low probability of two different plaintexts resulting in calculation of the same initialization vector for use with the same cryptographic key.
摘要翻译: 使用明文和密码密钥来产生要用于密码算法(例如加密算法)中的初始化向量。 在一些示例中,明文和密码密钥被输入到有效的单向函数中,例如密码散列函数,其输出可用作初始化向量。 密码密钥可以至少部分地基于有效单向函数的输出冲突的概率来概率地旋转,以确保两个不同明文的低概率,导致计算与相同加密密钥一起使用的相同的初始化向量。
-
公开(公告)号:US09405920B1
公开(公告)日:2016-08-02
申请号:US14284266
申请日:2014-05-21
CPC分类号: H04L63/123 , G06F21/602 , G06F21/604 , G06F21/64 , G06F21/645 , H04L63/061
摘要: A system performs cryptographic operations utilizing information usable to verify validity of plaintext. To prevent providing information about a plaintext by providing the information usable to verify the validity of the plaintext, the system provides the information usable to verify validity of the plaintext to an entity on a condition that the entity is authorized to access the plaintext. The information usable to verify validity of the plaintext may be persisted in ciphertext along with the plaintext to enable the plaintext to be verified when decrypted.
摘要翻译: 系统利用可用于验证明文有效性的信息来执行加密操作。 为了通过提供可用于验证明文有效性的信息来防止提供关于明文的信息,在实体被授权访问明文的条件下,系统提供可用于验证明文的有效性的信息给实体。 可用于验证明文有效性的信息可以与明文一起保持密文,以便在解密时能够验证明文。
-
公开(公告)号:US11748492B1
公开(公告)日:2023-09-05
申请号:US17194996
申请日:2021-03-08
IPC分类号: G06F21/00 , G06F21/60 , H04L9/14 , H04L9/06 , H04L9/16 , H04L9/08 , H04L9/32 , H04L9/40 , H04L9/30
CPC分类号: G06F21/602 , H04L9/0618 , H04L9/0637 , H04L9/0816 , H04L9/14 , H04L9/16 , H04L9/3239 , H04L9/3242 , H04L63/06 , H04L9/0643 , H04L9/30 , H04L63/0428 , H04L63/123
摘要: A plaintext and cryptographic key are used to generate an initialization vector to be used in a cryptographic algorithm, such as an encryption algorithm. In some examples, the plaintext and cryptographic key are input into an effectively one-way function, such as a cryptographic hash function, the output of which is usable as an initialization vector. Cryptographic keys may be rotated probabilistically based at least in part on probabilities of output collisions of the effectively one-way function to ensure a low probability of two different plaintexts resulting in calculation of the same initialization vector for use with the same cryptographic key.
-
公开(公告)号:US20220038283A1
公开(公告)日:2022-02-03
申请号:US17502851
申请日:2021-10-15
摘要: Systems and processes are described for establishing and using a secure channel. A shared secret may be used for authentication of session initiation messages as well as for generation of a private/public key pair for the session. A number of ways of agreeing on the shared secret are described and include pre-sharing the keys, reliance on a key management system, or via a token mechanism that uses a third entity such as a hub to manage authentication, for example. In some instances, the third party may also perform endpoint selection (e.g., load balancing) by providing a particular endpoint along with the token.
-
公开(公告)号:US11184155B2
公开(公告)日:2021-11-23
申请号:US16174033
申请日:2018-10-29
IPC分类号: H04L9/08
摘要: A cryptographic key management service receives a request to import a first cryptographic key. In response to the request, the service creates a public cryptographic key and a private cryptographic key. The private cryptographic key is encrypted using a second cryptographic key to create an import key token. The import key token and the public cryptographic key are provided in response to the request. The service receives an encrypted first cryptographic key, which the service decrypts using the private cryptographic key to obtain the first cryptographic key. The service stores the first cryptographic key and enables its use for the performance of cryptographic operations.
-
公开(公告)号:US20210326442A1
公开(公告)日:2021-10-21
申请号:US17321356
申请日:2021-05-14
发明人: Matthew John Campagna , Gregory Alan Rubin , Eric Jason Brandwine , Nicholas Alexander Allen , Andrew Kyle Driggs
摘要: A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module (“TPM”). The service provider, the host computer systems, and the virtual computing environments generate attestations that prove the integrity of the system. The attestations are signed with a one-time-use cryptographic key that is verifiable against the public keys of the service provider, a host computer system, and a virtual computing environment. The public key of the host computer system is integrated into a hash tree that links the public key of the host computer system to the public key of the service provider. The public key of the virtual computing environment is signed using a one-time-use graphic key issued to the host computer system that hosts the virtual computing environment.
-
公开(公告)号:US10685119B2
公开(公告)日:2020-06-16
申请号:US16195125
申请日:2018-11-19
摘要: A trusted co-processor can provide a hardware-based observation point into the operation of a host machine owned by a resource provider or other such entity. The co-processor can be installed via a peripheral card on a fast bus, such as a PCI bus, on the host machine. The co-processor can execute malware detection software, and can use this software to analyze data and/or code obtained from the relevant resources of the host machine. The trusted co-processor can notify the customer or another appropriate entity of the results of the scan, such that an appropriate action can be taken if malware is detected. The results of the scan can be trusted, as malware will be unable to falsify such a notification or modify the operation of the trusted co-processor.
-
-
-
-
-
-
-
-
-
搜索结果
119 条记录 (耗时 0.025 秒)
