Abstract:
A setup for secure instant messaging in which a user authenticates with a smart card (32a) is described. A server (21) generates a random number and sends it over the network to the user's client (31a). The smart card (32a) holds a private key unique to each user and encrypts (in effect, signs) the random number with that key. A database (11) supplies the corresponding public key. The server (21) decrypts the result with the public key and compares it with the random number it sent; a match validates the user's identity, and a secure connection is established between the validated client and the server, allowing the user to log onto the secure instant messaging network. A user can also retrieve a peer user's internet protocol address and public key to establish a client-to-client connection, in which data sent to the peer is encrypted with the peer's public key and can only be decrypted with the private key stored in the recipient's smart card (32a). A breakdown detection feature is also described.
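The login and client-to-client flows above, as an added Go example written for this page rather than taken from the patent. The smart card is modelled as a struct that only signs and decrypts, the server keeps its public-key database (11) in a map, and the user names, the 2048-bit RSA keys and the RSA-PSS/RSA-OAEP choice are assumptions, since the abstract names no algorithms. The server also consumes each challenge once, which the abstract does not mention but any deployment needs, otherwise a captured answer can be replayed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SmartCard stands in for the user's card (32a): the private key never leaves it, and the
// card only signs what it is handed (what the abstract calls encrypting with the private key).
type SmartCard struct{ priv *rsa.PrivateKey }

// NewCard provisions a card with a fresh 2048-bit RSA key (an assumption; the abstract names no algorithm).
func NewCard() (*SmartCard, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &SmartCard{k}, err
}

func (c *SmartCard) Public() *rsa.PublicKey { return &c.priv.PublicKey }

// Sign answers a challenge with an RSA-PSS signature over its SHA-256 digest.
func (c *SmartCard) Sign(challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return rsa.SignPSS(rand.Reader, c.priv, crypto.SHA256, h[:], nil)
}

// Decrypt opens a client-to-client message that a peer encrypted to this card's public key.
func (c *SmartCard) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, c.priv, ct, nil)
}

// Server holds the public-key database (11) and the challenges it has issued but not yet seen answered.
type Server struct {
	db      map[string]*rsa.PublicKey
	pending map[string][]byte
}

func NewServer() *Server {
	return &Server{db: map[string]*rsa.PublicKey{}, pending: map[string][]byte{}}
}

// Register stores a user's public key; PublicKey is the lookup a peer does before a client-to-client connection.
func (s *Server) Register(user string, pub *rsa.PublicKey) { s.db[user] = pub }
func (s *Server) PublicKey(user string) *rsa.PublicKey    { return s.db[user] }

// Challenge issues a fresh 32-byte random number for the named user.
func (s *Server) Challenge(user string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[user] = nonce
	return nonce, nil
}

// Login checks the card's answer with the public key on record. Verifying the signature over
// the stored nonce is the abstract's "decrypt with the public key and compare". The nonce is
// consumed whether or not the check passes, so a captured answer cannot be replayed later.
func (s *Server) Login(user string, sig []byte) error {
	nonce, ok := s.pending[user]
	delete(s.pending, user)
	if !ok {
		return errors.New("no outstanding challenge for " + user)
	}
	pub, ok := s.db[user]
	if !ok {
		return errors.New("unknown user " + user)
	}
	h := sha256.Sum256(nonce)
	if err := rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil); err != nil {
		return fmt.Errorf("authentication of %s failed: %w", user, err)
	}
	return nil
}

// EncryptToPeer encrypts a client-to-client message with the peer's public key, so only the
// private key inside the peer's card can open it; the sender's own card cannot.
func EncryptToPeer(peerPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, peerPub, msg, nil)
}

func main() {
	alice, _ := NewCard()
	bob, _ := NewCard()
	srv := NewServer()
	srv.Register("alice", alice.Public())
	srv.Register("bob", bob.Public())

	nonce, _ := srv.Challenge("alice")
	sig, _ := alice.Sign(nonce)
	fmt.Println("login:", srv.Login("alice", sig))           // <nil>
	fmt.Println("replayed answer:", srv.Login("alice", sig)) // no outstanding challenge for alice

	ct, _ := EncryptToPeer(srv.PublicKey("bob"), []byte("hello bob"))
	_, err := alice.Decrypt(ct)
	fmt.Println("sender's own card can open it:", err == nil) // false
	pt, _ := bob.Decrypt(ct)
	fmt.Println("bob reads:", string(pt))
}
```

Two points worth keeping when moving this to a real deployment: the server must bind the nonce to the user it was issued for (here by keying the pending map on the user name), otherwise a nonce issued to one account can be answered by another card; and RSA-OAEP on the peer's public key only covers short messages, so chat traffic would carry a symmetric session key this way and encrypt the messages themselves with that key.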
Abstract:
A trusted computer platform method and system is disclosed for a secure computer system without a trust credential. The platform provides the functionality of a secure or 'trusted computing' (TC) environment, preventing or blocking unauthorized computer programs or applications from running within the computer system, and provides a fully trusted computer system having 1) an endorsement key; 2) secure input and output; 3) memory curtaining / protected execution; 4) sealed storage; and 5) remote attestation. The trusted computer platform provides at least a mechanism to proactively establish more trusted relationships for remote or local access through secure user authentication and machine attestation, to protect encryption keys and digital signature keys so as to maintain data confidentiality and integrity, to protect key operations and other security tasks that would otherwise be performed on unprotected interfaces over unprotected communications, or to protect platform and user authentication information from software-based attacks.
Abstract:
A method and apparatus are disclosed for securing a computing process running on a computing hardware node in a grid computing system through the formation of a virtual trusted node. Grid computing breaks a computational task up into smaller computational sub-tasks. These sub-tasks are distributed to many computers; once executed, the results are returned to a centralized node for compilation. Data integrity and security are therefore of paramount concern. The proposed invention addresses this concern by creating a virtual trusted node in the grid computing system: a wrapped task (11, 21) is formed by wrapping the software for a sub-task together with an operating system (12, 22), the wrapped task is sent to a computer (40) in the grid, and it is executed by way of a virtual machine monitor (30) and a trusted platform module (41). The operating system is provided with only the minimum functions necessary to execute the wrapped task. A computer apparatus (40) for creating such a virtual trusted node is also disclosed.
Abstract:
A method and system are disclosed for the issuance of a proxy digital certificate to a grid portal in a distributed computing infrastructure through data transfer across a public network. More specifically, the invention concerns a method and a system for issuing a proxy digital certificate, derived from an end-entity certificate, to a grid portal of a distributed or grid computing infrastructure via a web browser; the proxy digital certificate resides in a web server, and the issuance may be applied to any web-based application over a public network such as the Internet.
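An added Go example of the issuance step, not the patent's code: the browser-side routine signs a short-lived proxy certificate for the portal with the end entity's key, and the service-side check verifies it before honouring the proxy. The RFC 3820-style subject (the end entity's name plus one extra CN), the Ed25519 keys, the 12-hour lifetime and the self-signed end-entity certificate are all assumptions made so the example runs offline; in the real flow the end-entity certificate comes from the grid CA and the proxy private key is generated on the portal.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var oidCommonName = asn1.ObjectIdentifier{2, 5, 4, 3}

// NewEndEntityCert stands in for the user's CA-issued certificate; it is self-signed only so the
// example runs offline. cA=FALSE, as for any end entity.
func NewEndEntityCert(cn string) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Organization: []string{"Example Grid"}, CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// IssueProxy is the browser-side step: a fresh key pair for the portal is certified under the
// end entity's name plus one more CN, signed with the end entity's key, lifetime capped at ttl.
func IssueProxy(ee *x509.Certificate, eeKey ed25519.PrivateKey, ttl time.Duration) (*x509.Certificate, ed25519.PrivateKey, error) {
	proxyPub, proxyPriv, err := ed25519.GenerateKey(rand.Reader)
	serial, serr := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil || serr != nil {
		return nil, nil, errors.New("key or serial generation failed")
	}
	subject := ee.Subject
	// Both CNs go through ExtraNames: pkix.Name drops its CommonName field once ExtraNames holds a CN.
	subject.ExtraNames = []pkix.AttributeTypeAndValue{
		{Type: oidCommonName, Value: ee.Subject.CommonName},
		{Type: oidCommonName, Value: "proxy"},
	}
	now := time.Now()
	notAfter := now.Add(ttl)
	if notAfter.After(ee.NotAfter) {
		notAfter = ee.NotAfter
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               subject,
		NotBefore:             now.Add(-time.Minute),
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ee, proxyPub, eeKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, proxyPriv, err
}

// VerifyProxy is the check a grid service runs on a proxy the portal presents.
func VerifyProxy(proxy, ee *x509.Certificate, now time.Time) error {
	switch {
	case !bytes.Equal(proxy.RawIssuer, ee.RawSubject):
		return errors.New("proxy issuer is not the end-entity subject")
	case bytes.Equal(proxy.RawSubjectPublicKeyInfo, ee.RawSubjectPublicKeyInfo):
		return errors.New("proxy reuses the end-entity key; the portal must never hold that key")
	case now.Before(proxy.NotBefore) || now.After(proxy.NotAfter):
		return errors.New("proxy outside its validity period")
	case proxy.NotAfter.After(ee.NotAfter):
		return errors.New("proxy outlives the end-entity certificate")
	}
	// CheckSignatureFrom refuses a non-CA issuer (RFC 5280), which a proxy's issuer always is, so verify directly.
	if err := ee.CheckSignature(proxy.SignatureAlgorithm, proxy.RawTBSCertificate, proxy.Signature); err != nil {
		return fmt.Errorf("proxy signature: %w", err)
	}
	return nil
}

func main() {
	ee, eeKey, _ := NewEndEntityCert("alice")
	proxy, _, _ := IssueProxy(ee, eeKey, 12*time.Hour)
	fmt.Println(proxy.Subject.String(), "valid now:", VerifyProxy(proxy, ee, time.Now()) == nil) // true
}
```

The service-side check is hand-rolled on purpose: Go's chain verifier, like most TLS stacks, rejects a certificate issued by a non-CA, so a proxy certificate has to be validated by software that knows the proxy convention (signature by the end-entity key, issuer equal to the end entity's subject, lifetime no longer than the end entity's). Anything in the grid that accepts the proxy should apply exactly those checks rather than treating the portal's certificate as an ordinary leaf.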
Abstract:
The present invention relates to a system and method for protecting a licensed software application (31) from piracy within a computer system by using a smart card (32) and a license code. The system comprises a smart card (32), the licensed software (31), registration software (11) running on a registration server (10) and a license code generator (21). The method comprises the steps of determining whether a license code is present, decrypting the license code with the user's private key held in the smart card (32), verifying the digital signature in the license code, and checking the expiry date before the software application (31) is allowed to execute. If no license code is available, the user performs a certificate-based login to a website and registers with the smart card (32) provided by the software vendor. The user's information and certificate are then sent through a secure channel to the vendor's server, where a server-side application digitally signs the program's license expiry date and encrypts the result with the recipient's public key. The license code is sent back to the user, and the decryption and signature-verification steps are then carried out as above.
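The license-code round trip, as an added Go example that is not from the patent: the vendor signs the program name together with the expiry date and encrypts the result to the user's registered public key; the client decrypts with the card key, verifies the vendor signature, checks the program name and then the date. Ed25519 for the vendor signature, RSA-OAEP under the card's 2048-bit key, the program names and the date layout are assumptions; the certificate-based web registration step is out of scope here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
	"time"
)

const dateLayout = "2006-01-02"

// oaepLabel ties the ciphertext to this purpose; both sides must use the same label.
var oaepLabel = []byte("license-code")

// NewVendorKey and NewCardKey generate the two key pairs (assumed algorithms; the abstract names none).
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(rand.Reader) }
func NewCardKey() (*rsa.PrivateKey, error)                           { return rsa.GenerateKey(rand.Reader, 2048) }

// IssueLicense runs on the vendor's server (21): it signs "program|expiry" with the vendor's
// signing key and encrypts signature plus message to the user's registered public key.
// The program name is signed along with the date so a code for one product cannot be
// presented to another; the whole payload is well under the RSA-OAEP limit for a 2048-bit key.
func IssueLicense(vendorKey ed25519.PrivateKey, userPub *rsa.PublicKey, program string, expiry time.Time) ([]byte, error) {
	msg := []byte(program + "|" + expiry.UTC().Format(dateLayout))
	sig := ed25519.Sign(vendorKey, msg)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, userPub, append(sig, msg...), oaepLabel)
}

// CheckLicense runs in the application (31) at start-up: decrypt with the card's private key,
// verify the vendor's signature, check the program name, then the expiry date. The vendor's
// public key must be pinned in the application, never taken from the license itself.
func CheckLicense(card *rsa.PrivateKey, vendorPub ed25519.PublicKey, program string, code []byte, now time.Time) (time.Time, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, card, code, oaepLabel)
	if err != nil {
		return time.Time{}, errors.New("license code was not issued to this smart card")
	}
	if len(plain) < ed25519.SignatureSize {
		return time.Time{}, errors.New("malformed license code")
	}
	sig, msg := plain[:ed25519.SignatureSize], plain[ed25519.SignatureSize:]
	if !ed25519.Verify(vendorPub, msg, sig) {
		return time.Time{}, errors.New("vendor signature does not verify")
	}
	name, date, ok := strings.Cut(string(msg), "|")
	if !ok || name != program {
		return time.Time{}, errors.New("license code is for a different program")
	}
	expiry, err := time.Parse(dateLayout, date)
	if err != nil {
		return time.Time{}, errors.New("unreadable expiry date")
	}
	// The license is good through the whole of its expiry day.
	if !now.Before(expiry.AddDate(0, 0, 1)) {
		return expiry, errors.New("license expired on " + date)
	}
	return expiry, nil
}

func main() {
	vendorPub, vendorKey, _ := NewVendorKey()
	card, _ := NewCardKey() // stands in for the key held inside the smart card (32)
	now := time.Now().UTC()
	code, _ := IssueLicense(vendorKey, &card.PublicKey, "editor", now.AddDate(0, 0, 30))
	expiry, err := CheckLicense(card, vendorPub, "editor", code, now)
	fmt.Println("valid until", expiry.Format(dateLayout), "error:", err)
	_, err = CheckLicense(card, vendorPub, "viewer", code, now)
	fmt.Println("wrong program:", err)
}
```

The order of checks matters: the card decryption fails first for a code issued to someone else, the signature check fails for a code the vendor never signed, and only then is the date read, so a tampered or foreign code never reaches the expiry comparison. The `now` argument is taken from the caller so the check can be driven from a trusted time source rather than the local clock, which the user controls.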