公开(公告)号：CA2641215C

公开(公告)日：2010-05-25

申请号：CA2641215

申请日：1998-09-16

Applicant: SAFENET INC

Inventor： KAPLAN MICHAEL M ,  DOUD ROBERT WALKER ,  KAVSAN BRONISLAV ,  OBER TIMOTHY ,  REED PETER

IPC: H04L9/32 ,  G06F9/38 ,  G06F9/445 ,  G06F9/46 ,  G06F15/00 ,  G06F21/72 ,  G06F21/74 ,  G06F21/79 ,  G06F21/82 ,  H04L9/00 ,  H04L9/08 ,  H04L29/06

Abstract: A secure communication platform on an integrated circuit is a highly integrated security processor which incorporates a general purpose digital signal processor (DSP) (62), along with a number of high performance cryptographic function elements, as well as a PCI and PCMCIA (14) interface. The secure communications platform is integrated with an off-the-shelf DSP so that a vendor who is interested in digital signal processing could also receive built-in security functions which cooperate with the DSP. The integrated circuit includes a callable library of cryptographic commands and encryption algorithms. An encryption processor is included to perform key and data encryption, as well as a high performance hash processor and a public key accelerator (28).

公开(公告)号：US20220018715A1

公开(公告)日：2022-01-20

申请号：US17330178

申请日：2021-05-25

Applicant: Temperature SafeNet, Inc.

Inventor： Jerrod Edward Moton, JR.

IPC: G01J5/00 ,  G01J5/04 ,  G01J5/02 ,  G06K9/00 ,  G07C9/22 ,  G01J5/06

Abstract: An autonomous vehicle control system includes at least one processor. The at least one processor is configured to cause a first device to monitor a body temperature of a first person, determine, responsive to the monitoring, as a first determination result, whether the monitored body temperature exceeds a predetermined threshold, perform image processing on an image of the first person, determine, based on a result of the image processing, as a second determination result, whether the first person wears a face mask, and control a second device based on at least one of the first determination result or the second determination result.

公开(公告)号：US11139962B2

公开(公告)日：2021-10-05

申请号：US16730722

申请日：2019-12-30

Applicant: SafeNet, Inc.

Inventor： Luis Miguel Huapaya ,  Luc Astier ,  Sam Zhanpeng Wang

IPC: H04L9/08 ,  H04L29/06

Abstract: A set of users who may authenticate is predefined and is associated, each, with a reference secret share. A first subset of users who has, each, to authenticate is predefined. The device defines a second subset of the users who has, each, to authenticate while further satisfying, each, to be physically proximate to the device and an authentication condition(s). The second user subset is comprised within the first user subset comprised within the user set. The device verifies whether each user of the second user subset satisfies to be physically proximate to the device and the authentication condition(s), if yes, requests, to each user device, the secret share and receives, from each user device relating to at least the first user subset, the secret share. The device reconstructs a secret with each received secret share, verifies whether the reconstructed matches the reference and, if yes, authenticates the user set.

公开(公告)号：US20200244469A1

公开(公告)日：2020-07-30

申请号：US16262261

申请日：2019-01-30

Applicant: Safenet Inc.

Inventor： Dmitry RIYUMKIN ,  Darren JOHNSON

IPC: H04L9/32 ,  G06F21/60 ,  H04L9/14 ,  H04L9/08

Abstract: The invention is a method for handling data in a secure container comprising first and second private keys uniquely allocated to the secure container. The secure container is configured to use the first private key to handle said data in a first operating mode and to use the second private key to handle said data in a second operating mode. The secure container is configured to prevent the update of the first private key after its clearing. The method comprises the step of automatically clearing the first private key in response to a request for enabling a software module in the second operating mode and a step of automatically using the first operating mode by the secure container if the first private key has not been cleared and of automatically using the second operating mode by the secure container if the first private key has been cleared.

公开(公告)号：US20190268341A1

公开(公告)日：2019-08-29

申请号：US15906833

申请日：2018-02-27

Applicant: GEMALTO SA ,  SafeNet Inc.

Inventor： Didier HUGOT ,  Asad ALI ,  Gorav ARORA

IPC: H04L29/06 ,  G06F21/62

Abstract: The invention relates to a method, an entity and a system for managing access to data. The data is associated with metadata. At least one predetermined access policy for accessing metadata includes, for each client, at least one identifier relating to the client. An entity receives from at least one client device, a data access request that includes at least one identifier relating to the client. The entity determines, based on the associated access policy, whether the metadata access is authorized. If yes, the entity determines, based on the associated access policy, associated first data allowing to access the metadata. The entity accesses, based on the first data, the associated metadata. The entity accesses, based on the accessed metadata and the associated access policy, at least a part of the associated data, as a late dynamic binding of the metadata with the associated data (or a part of it).

公开(公告)号：US20190205045A1

公开(公告)日：2019-07-04

申请号：US15858882

申请日：2017-12-29

Applicant: GEMALTO SA ,  SafeNet Inc.

Inventor： Didier Hugot ,  Asad Ali ,  Gorav Arora

IPC: G06F3/06

CPC classification number: G06F3/0622 ,  G06F3/0637 ,  G06F3/067 ,  G06F21/31 ,  G06F21/44 ,  G06F21/604 ,  G06F21/62 ,  G06F2221/2113 ,  G06F2221/2129 ,  G06F2221/2141 ,  H04L63/08 ,  H04L63/10 ,  H04L2463/082

Abstract: The invention relates to a method for managing data access. The method includes receiving at least one request for accessing data; capturing data relating to at least one current context signal during each data access request; comparing, as a current authorization step, the data relating to at least one captured current context signal to predetermined reference data relating to at least one corresponding context signal according to at least one corresponding predetermined authorization policy; determining, based upon the current authorization result and at least one predetermined dynamic data access policy, whether the data access is or is not authorized, as a data access decision; and issuing the data access decision. The invention also relates to corresponding first device, second device and system.

公开(公告)号：US20020080958A1

公开(公告)日：2002-06-27

申请号：US09897666

申请日：2001-07-02

Applicant: SafeNet, Inc.

Inventor： Timothy Ober ,  Peter Reed

IPC: H04L009/00

CPC classification number: G06F21/72 ,  G06F8/60 ,  G06F9/46 ,  G06F21/74 ,  G06F21/79 ,  G06F21/82 ,  H04L9/0836 ,  H04L9/0841 ,  H04L9/088

Abstract: A key management scheme for managing encryption keys in a cryptographic co-processor includes the first step of selecting a key from one of a symmetrical key type and an asymmetrical key type. Then, the key bit length is selected. The key is then generated and, lastly, the key is represented in either an external form or an internal form.

Abstract translation: 用于管理加密协处理器中的加密密钥的密钥管理方案包括从对称密钥类型和非对称密钥类型之一选择密钥的第一步骤。 然后，选择键位长度。 然后生成密钥，最后，密钥以外部形式或内部形式表示。

公开(公告)号：US20010036276A1

公开(公告)日：2001-11-01

申请号：US09897251

申请日：2001-07-02

Applicant: SafeNet, Inc.

Inventor： Timothy Ober ,  Peter Reed

IPC: H04L009/00

CPC classification number: G06F21/72 ,  G06F8/60 ,  G06F9/46 ,  G06F21/74 ,  G06F21/79 ,  G06F21/82 ,  H04L9/083 ,  H04L9/0844 ,  H04L9/0894

Abstract: A method of generating a recovery key encryption key (RKEK) in a secure manner by an integrated circuit (IC) and a key recovery escrow agent includes the steps of generating by the IC a first number having a private component and a public component, and generating by the escrow agent a second number having a private component and a public component. The public component of the first number is provided to the escrow agent, and the public component of the second number is provided to the integrated circuit. A Diffie-Hellman modulo-exponentiation mathematical operation is performed by the integrated circuit using the private component of the first number, the public component of the first number and the public component of the second number to create the RKEK. A similar operation is performed by the escrow agent using the private component of the second number, the public number of the second number and the public component of the first number to create the RKEK at its end.

公开(公告)号：EP2495681A3

公开(公告)日：2013-10-09

申请号：EP12150667.9

申请日：2012-01-10

Applicant: SafeNet, Inc.

Inventor： Dunn, Chris ,  Dietz, Russell ,  Snyder, Philip ,  Frindell, Alan H.

IPC: G06F21/24

CPC classification number: G06F21/6209 ,  G06F21/575

Abstract: A host computer cloud has a processor and supports a virtual machine. An agent under control of a user is in communication with the cloud over a network. A key management server is in communication with the cloud over a network. The cloud stores the virtual machine in the form of a virtual encrypted disk on a non-volatile storage medium. When commanded by the agent, the cloud requests a disk-wrapping key from the key management server and decrypts the encrypted disk using the disk-wrapping key.

公开(公告)号：EP2495681A2

公开(公告)日：2012-09-05

申请号：EP12150667.9

申请日：2012-01-10

Applicant: SafeNet, Inc.

Inventor： Dunn, Chris ,  Dietz, Russell ,  Snyder, Philip ,  Frindell, Alan H.

IPC: G06F21/24

CPC classification number: G06F21/6209 ,  G06F21/575

Abstract: A host computer cloud has a processor and supports a virtual machine. An agent under control of a user is in communication with the cloud over a network. A key management server is in communication with the cloud over a network. The cloud stores the virtual machine in the form of a virtual encrypted disk on a non-volatile storage medium. When commanded by the agent, the cloud requests a disk-wrapping key from the key management server and decrypts the encrypted disk using the disk-wrapping key.

Abstract translation: 主机云具有处理器并支持虚拟机。 在用户控制下的代理通过网络与云通信。 密钥管理服务器通过网络与云通信。 云以虚拟加密磁盘的形式将虚拟机存储在非易失性存储介质上。 当代理人指令时，云从密钥管理服务器请求一个磁盘包装密钥，并使用磁盘包装密钥解密加密的磁盘。