-
公开(公告)号:US08522014B2
公开(公告)日:2013-08-27
申请号:US12282782
申请日:2007-03-15
申请人: Dominique Fedronic , Eric Le Saint , John Babbidge , Hong Liu
发明人: Dominique Fedronic , Eric Le Saint , John Babbidge , Hong Liu
CPC分类号: H04L9/0825 , G06F21/602 , G06F21/606
摘要: A system obtains assurance by a content provider that a content control key is securely stored in a remote security module for further secure communications between the content provider and the security module. A security module manufacturer, which has a pre-established trustful relation with the security module, imports a symmetric transport key into the security module. The symmetric transport key is unique to the security module. The content provider shares the symmetric transport key with the security module manufacturer. The content provider exchanging messages with the security module through a security module communication manager in order to get the proof that the security module stores the content control key. At least a portion of the messages exchanged between the content provider and the security module are protected using the symmetric transport key. The symmetric transport key is independent of said content control key.
摘要翻译: 系统获得内容提供商的保证,内容控制密钥被安全地存储在远程安全模块中,用于内容提供商和安全模块之间的进一步的安全通信。 与安全模块预先建立的可信关系的安全模块制造商将对称的传输密钥导入到安全模块中。 对称传输密钥对安全模块是唯一的。 内容提供商与安全模块制造商共享对称传输密钥。 内容提供者通过安全模块通信管理器与安全模块交换消息,以获得安全模块存储内容控制密钥的证据。 使用对称传输密钥来保护在内容提供商和安全模块之间交换的消息的至少一部分。 对称传输密钥与所述内容控制密钥无关。
-
公开(公告)号:US20120036551A1
公开(公告)日:2012-02-09
申请号:US12932499
申请日:2011-02-25
申请人: Eric Le Saint , John Boyer
发明人: Eric Le Saint , John Boyer
IPC分类号: G06F21/00
CPC分类号: H04L63/20 , G06F21/00 , G06F21/123 , G06F21/32 , G06F21/34 , G06F21/57 , G06F21/602 , H04L9/006 , H04L63/0853 , H04L63/10
摘要: A security framework for a host computer system which allows a host to control access to a compliant security token by ensuring enforcement of established security policies administered by a middleware application. Processing between the host computer system and the security token is performed using one or more modular security application agents. The modular security application agents are counterpart applications to security applications installed in the security token and may be retrieved and installed upon to ensure compatibility between counterpart token and host security applications. The security policies are a composite of host security policies and token security policies which are logically combined by the middleware application at the beginning of a session.
摘要翻译: 用于主计算机系统的安全框架,其允许主机通过确保由中间件应用程序管理的已建立的安全策略的实施来控制对兼容的安全令牌的访问。 使用一个或多个模块化安全应用代理程序来执行主计算机系统和安全令牌之间的处理。 模块化安全应用程序代理程序是安装在安全令牌中的安全应用程序的对应应用程序,可以检索和安装,以确保对方令牌和主机安全性应用程序之间的兼容性。 安全策略是主机安全策略和令牌安全策略的组合,它们在会话开始时由中间件应用程序逻辑组合。
-
公开(公告)号:US07921298B2
公开(公告)日:2011-04-05
申请号:US11939444
申请日:2007-11-13
申请人: Eric Le Saint , John Boyer
发明人: Eric Le Saint , John Boyer
IPC分类号: G06F21/00
CPC分类号: H04L63/20 , G06F21/00 , G06F21/123 , G06F21/32 , G06F21/34 , G06F21/57 , G06F21/602 , H04L9/006 , H04L63/0853 , H04L63/10
摘要: A security framework for a host computer system which allows a host to control access to a compliant security token by ensuring enforcement of established security policies administered by a middleware application. Processing between the host computer system and the security token is performed using one or more modular security application agents. The modular security application agents are counterpart applications to security applications installed in the security token and may be retrieved and installed upon to ensure compatibility between counterpart token and host security applications. The security policies are a composite of host security policies and token security policies which are logically combined by the middleware application at the beginning of a session.
摘要翻译: 用于主计算机系统的安全框架,其允许主机通过确保由中间件应用程序管理的已建立的安全策略的实施来控制对兼容的安全令牌的访问。 使用一个或多个模块化安全应用代理程序来执行主计算机系统和安全令牌之间的处理。 模块化安全应用程序代理程序是安装在安全令牌中的安全应用程序的对应应用程序,可以检索和安装,以确保对方令牌和主机安全性应用程序之间的兼容性。 安全策略是主机安全策略和令牌安全策略的组合,它们在会话开始时由中间件应用程序逻辑组合。
-
公开(公告)号:US20080022381A1
公开(公告)日:2008-01-24
申请号:US11834615
申请日:2007-08-06
申请人: Eric Le Saint
发明人: Eric Le Saint
IPC分类号: H04L9/00
CPC分类号: G07F7/02 , G06F21/52 , G06F21/604 , G06F21/77
摘要: This invention provides a security token architecture which supports modular security application installations without loss of existing data or requiring the reinstallation of existing applications served by the security application modules. The architecture is compliant with the international standard ISO/IEC 7816-4, “Information technology—Identification tokens—Integrated circuit(s) tokens with contacts—Part 4: Interindustry commands for interchange.” An application is integrated into a security domain which serves as a centralized security applications programming interface between one or more token service applications and a series of security application modules. The API provides a more uniform security application interface which improves overall interoperability of the modular security applications and simplifies security application development. The API provides a separate shareable interface which facilitates changes in security applications without disruption of existing application dependencies and allows customization of security properties associated with the installed security applications.
摘要翻译: 本发明提供一种安全令牌架构,其支持模块化安全应用程序安装,而不会丢失现有数据或要求重新安装由安全应用程序模块提供的现有应用程序。 该架构符合国际标准ISO / IEC 7816-4“信息技术 - 识别令牌 - 具有联系人的集成电路标记” - 第4部分:互换的行业指令。 应用程序集成到一个安全域中,作为一个或多个令牌服务应用程序和一系列安全应用程序模块之间的集中式安全应用程序编程接口。 API提供了更加统一的安全应用程序界面,可提高模块化安全应用程序的整体互操作性,并简化安全应用程序的开发。 API提供了一个单独的可共享接口,便于安全应用程序的更改,而不会中断现有的应用程序依赖关系,并允许自定义与安装的安全应用程序相关联的安全属性。
-
公开(公告)号:US20060230437A1
公开(公告)日:2006-10-12
申请号:US11397710
申请日:2006-04-05
IPC分类号: H04L9/32
CPC分类号: G06F21/31 , G06F21/6245 , G06F2221/2147 , H04L9/0836 , H04L9/321 , H04L63/0428 , H04L63/065 , H04L63/104
摘要: A secure and transparent digital credential sharing arrangement which utilizes one or more cryptographic levels of indirection to obfuscate a sharing entity's credentials from those entities authorized to share the credentials. A security policy table is provided which allows the sharing entity to selectively authorize or revoke digital credential sharing among a plurality of entities. Various embodiments of the invention provide for secure storage and retrieval of digital credentials from security tokens such as smart cards. The secure sharing arrangement may be implemented in hierarchical or non-hierarchical embodiments as desired.
摘要翻译: 利用一个或多个间接密码级别的安全和透明的数字凭证共享安排来从授权共享证书的那些实体中模糊共享实体的凭证。 提供了一种安全策略表,其允许共享实体选择性地授权或撤销多个实体之间的数字凭证共享。 本发明的各种实施例提供了从诸如智能卡的安全令牌的数字凭证的安全存储和检索。 安全共享布置可以根据需要在分级或非分层实施例中实现。
-
6.发明申请Trusted and unsupervised digital certificate generation using a security token 有权使用安全令牌进行信任和无人监督的数字证书生成公开(公告)号:US20050138386A1
公开(公告)日:2005-06-23
申请号:US10740889
申请日:2003-12-22
申请人: Eric Le Saint
发明人: Eric Le Saint
CPC分类号: H04L9/0861 , G06F2221/2103 , G06F2221/2115 , G06F2221/2153 , G06Q20/38215 , H04L9/006 , H04L9/0825 , H04L9/14 , H04L9/30 , H04L9/321 , H04L9/3226 , H04L9/3234 , H04L9/3242 , H04L9/3247 , H04L9/3263 , H04L9/3268 , H04L9/3271 , H04L63/062 , H04L63/0807 , H04L63/0823 , H04L63/0853 , H04L63/12 , H04L2209/56 , H04L2209/80
摘要: A method, system and computer program product for ensuring PKI key pairs are operatively installed within a secure domain of a security token prior to generating a digital certificate. The public key component of the PKI key pair is incorporated into a digital certificate which is returned to the security token for storage. The arrangement included herein incorporates the use of a critical security parameter to ensure a chain of trust with an issuing entity such as a registration authority. Furthermore, the arrangement does not require security officer or system administrator oversight during digital certificate generation as the critical security parameter provides a sufficient level of trust to ensure that digital certificate generation is being performed in conjunction with a designated security token rather than a rogue application. Lastly, separate inventive embodiments allow alternate communications and verification arrangements to be implemented.
摘要翻译: 在产生数字证书之前,用于确保PKI密钥对的方法,系统和计算机程序产品可操作地安装在安全令牌的安全域内。 PKI密钥对的公共密钥组件被并入到数字证书中,该证书返回到安全令牌以进行存储。 本文中包括的安排包括使用关键的安全参数来确保与发行实体(例如注册机构)的信任链。 此外,该安排在数字证书生成期间不需要安全员或系统管理员监督,因为关键的安全参数提供了足够的信任级别,以确保与指定的安全令牌而不是流氓应用程序一起执行数字证书生成。 最后,独立的发明实施例允许实现替代的通信和验证安排。
-
公开(公告)号:US20190173672A1
公开(公告)日:2019-06-06
申请号:US16257882
申请日:2019-01-25
摘要: Systems and methods are provided for confidential communication management. For example, a client computer can determine a client key pair comprising a client private key and a client public key. The client computer can further determine a protected server key identifier, identify a server public key associated with the protected server key identifier, and generating a shared secret using the server public key and the client private key. The client computer can further encrypt message data using the shared secret and sending, to a server computer, a message including the encrypted message data, the protected server key identifier, and the client public key. The protected server key identifier can be associated with the server computer and can be usable by the server computer to identify a server private key to be used in decrypting the encrypted message data.
-
公开(公告)号:US20180205539A1
公开(公告)日:2018-07-19
申请号:US15920271
申请日:2018-03-13
申请人: Eric Le Saint
发明人: Eric Le Saint
CPC分类号: H04L9/0819 , H04L9/0844 , H04L9/14 , H04L63/061 , H04L2209/04 , H04L2209/16 , H04L2209/24 , H04L2209/56 , H04L2209/805 , H04W12/04
摘要: Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device's public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.
-
公开(公告)号:US20180198606A1
公开(公告)日:2018-07-12
申请号:US15915614
申请日:2018-03-08
IPC分类号: H04L9/08
CPC分类号: H04L9/0844 , H04L9/0822 , H04L9/0825 , H04L9/14
摘要: Systems and methods are provided for confidential communication management. For example, a client computer can determine a client key pair comprising a client private key and a client public key. The client computer can further determine a protected server key identifier, identify a server public key associated with the protected server key identifier, and generating a shared secret using the server public key and the client private key. The client computer can further encrypt message data using the shared secret and sending, to a server computer, a message including the encrypted message data, the protected server key identifier, and the client public key. The protected server key identifier can be associated with the server computer and can be usable by the server computer to identify a server private key to be used in decrypting the encrypted message data.
-
公开(公告)号:US20170222801A1
公开(公告)日:2017-08-03
申请号:US15489409
申请日:2017-04-17
申请人: Eric Le Saint
发明人: Eric Le Saint
CPC分类号: H04L9/0819 , H04L9/0844 , H04L9/14 , H04L63/061 , H04L2209/04 , H04L2209/16 , H04L2209/24 , H04L2209/56 , H04L2209/805 , H04W12/04
摘要: Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device's public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.
-
-
-
-
-
-
-
-
-
搜索结果
31 条记录 (耗时 0.02 秒)
